WordPress Anti-Spam Plugin Vulnerability Affects Up To 60,000+ Sites

WordPress vulnerability discovered in popular anti-spam plugin installed on over 60,000 websites

A WordPress anti-spam plugin with over 60,000 installations patched a PHP Object Injection vulnerability that arose from improper sanitization of inputs, which subsequently allowed base64-encoded user input.



Unauthenticated PHP Object Injection

Unauthenticated PHP Object Injection is a security vulnerability in PHP code in which an attacker, without needing to log in, can manipulate user-supplied input to inject an arbitrary PHP object into the application. This can result in malicious code execution and the compromise of sensitive data, such as login credentials and other information stored in the application's database. To prevent this vulnerability, validate and sanitize all user input and avoid using user-supplied data to create PHP objects. Keeping software and libraries up to date also helps reduce the risk of PHP object injection attacks.
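A generic illustration of the pattern described above, added here and not taken from the plugin (the page does not show its code). The class CacheFile, both function names and the sample field values are hypothetical and constructed for this example.

```php
<?php
// Stand-in for any class the application already loads whose magic methods
// have side effects. Here the side effect is only a log entry.
class CacheFile {
    public $path = '/tmp/cache.tmp';
    public static $log = [];
    public function __destruct() {
        self::$log[] = "destructor ran for {$this->path}";
    }
}

// Vulnerable pattern: base64 text passes character-level sanitizers untouched,
// and unserialize() then builds whatever object the sender described.
function read_field_vulnerable(string $field) {
    return unserialize(base64_decode($field));
}

// Hardened pattern: strict base64, a format that cannot describe PHP objects,
// and a check that the result has the expected shape.
function read_field_hardened(string $field): ?array {
    $raw = base64_decode($field, true);       // strict mode rejects non-base64
    if ($raw === false) {
        return null;
    }
    $data = json_decode($raw, true);          // arrays and scalars only
    if (!is_array($data)) {
        return null;
    }
    foreach ($data as $value) {
        if (!is_scalar($value)) {
            return null;                      // flat scalar fields only
        }
    }
    return $data;
}

// Constructed sample input: a serialized CacheFile with a sender-chosen path.
$crafted = base64_encode('O:9:"CacheFile":1:{s:4:"path";s:9:"/tmp/x.db";}');

$obj = read_field_vulnerable($crafted);
unset($obj);                                  // destructor runs on sender's data
print_r(CacheFile::$log);

var_dump(read_field_hardened($crafted));      // serialized object is rejected
var_dump(read_field_hardened(base64_encode('{"name":"a","score":3}')));
```

For legacy data that must stay in PHP's serialized format, unserialize() accepts an options array with 'allowed_classes' => false, but the PHP manual still advises against passing untrusted input to it and recommends JSON instead.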
