Yet Another Stars Rating <= 1.8.6 - PHP Object Injection
Description
An unauthenticated PHP object injection in the "Yasr – Yet Another Stars Rating" WordPress plugin provides a starting point for remote code execution and similar high-severity attacks, depending on which classes (gadgets) are loaded at request time. As of 27.01.2019 the plugin had over 20,000 active installations and roughly 500,000 downloads. A shortcode provided by the plugin passes cookie data, which is entirely under the client's control, to PHP's unsafe unserialize() function without any filtering. unserialize() instantiates whatever class the payload names and sets its properties, so any class loaded during the request (from this plugin, other active plugins, the theme or WordPress core) whose magic methods (__wakeup, __destruct, __toString) have side effects becomes reachable by an unauthenticated visitor. Checking the return value afterwards does not help, because those methods have already run by then. A quick audit check for the same bug class is to search a plugin tree for unserialize() calls whose argument is derived from $_COOKIE, $_GET, $_POST or $_REQUEST.
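The pattern the description refers to, as an added example that is not the plugin's code: a generic shortcode-style handler that unserializes a cookie, a hand-crafted attacker cookie that abuses it, and two hardened variants. The class CacheWriter, the cookie name rating_state and the file paths are hypothetical; only the unserialize() call on cookie data reflects what the page reports.

```php
<?php
// Added example: generic PHP object injection via a cookie, not code from the
// Yasr plugin. CacheWriter, the cookie name 'rating_state' and the paths are
// hypothetical.

// A "gadget": any class loaded at request time whose magic method has side
// effects. In WordPress that surface is the plugin itself, every other active
// plugin, the theme and core, all of which are loaded before shortcodes run.
class CacheWriter
{
    public $path = '/tmp/cache.txt';
    public $data = '';

    public function __destruct()
    {
        // Also runs for objects that unserialize() built from attacker bytes.
        file_put_contents($this->path, $this->data);
    }
}

// Vulnerable pattern: cookie value straight into unserialize(). PHP will
// instantiate whatever class the payload names and set its properties.
// The is_array() check below comes too late: for an object payload, $state
// is a live object, and its __destruct() fires when the function returns.
function vulnerable_shortcode(array $cookies): array
{
    $raw   = $cookies['rating_state'] ?? '';
    $state = @unserialize($raw);
    return is_array($state) ? $state : [];
}

// Hardened pattern 1: refuse to instantiate classes (PHP >= 7.0). Objects in
// the payload come back as __PHP_Incomplete_Class, whose magic methods never run.
function hardened_allowed_classes(array $cookies): array
{
    $raw   = $cookies['rating_state'] ?? '';
    $state = @unserialize($raw, ['allowed_classes' => false]);
    return is_array($state) ? $state : [];
}

// Hardened pattern 2 (preferred): never use PHP serialization for data the
// client controls. JSON has no way to name a class.
function hardened_json(array $cookies): array
{
    $state = json_decode($cookies['rating_state'] ?? '', true);
    return is_array($state) ? $state : [];
}

// Constructed inputs. The benign cookie is what the application itself would
// set; the malicious one is written by hand. The attacker needs no copy of
// CacheWriter's source, only the class name and the property names.
$benign    = 'a:1:{s:5:"stars";i:4;}';
$malicious = 'O:11:"CacheWriter":2:{s:4:"path";s:17:"/tmp/injected.txt";'
           . 's:4:"data";s:5:"owned";}';

@unlink('/tmp/injected.txt');

var_dump(vulnerable_shortcode(['rating_state' => $benign]));
vulnerable_shortcode(['rating_state' => $malicious]);
var_dump(file_exists('/tmp/injected.txt'));

@unlink('/tmp/injected.txt');
hardened_allowed_classes(['rating_state' => $malicious]);
var_dump(file_exists('/tmp/injected.txt'));

var_dump(hardened_json(['rating_state' => $malicious]));
```

Run with `php example.php`. With the malicious cookie the vulnerable handler returns an empty array, which looks harmless, yet /tmp/injected.txt appears on disk because the CacheWriter object was created and destroyed inside the call. The allowed_classes variant leaves no file behind, since the object arrives as __PHP_Incomplete_Class; the JSON variant rejects the payload outright. In a real gadget chain the destructor would not write a harmless text file but, for example, a PHP file under the web root, which is the step from object injection to code execution that the description alludes to.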

Affects Plugin

yet-another-stars-rating, fixed in version 1.8.7

References

URL https://dannewitz.ninja/posts/php-unserialize-object-injection-yet-another-stars-rating-wordpress
URL https://plugins.trac.wordpress.org/changeset/2019911/yet-another-stars-rating/tags/1.8.7/lib/yasr-functions.php

Classification

Type OBJECTINJECTION

Miscellaneous

Original Researcher Paul Dannewitz
Submitter Paul Dannewitz
Submitter Website https://dannewitz.ninja
Submitter Twitter padannewitz
Verified No
WPVDB ID 9207

Timeline

Publicly Published 2019-01-27
Added 2019-01-28
Last Updated 2019-01-28

Copyright & License

Copyright All data and resources contained within this page and this web site are Copyright © The WPScan Team.
License Some of this data may be used for non-commercial purposes, however, any potential commercial usage of this data will require a license. If you would like to inquire about a commercial license please contact us.