| |
Vulnerability CVE-2024-1770
Published: 2024-03-28
| Description: |
The Meta Tag Manager plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 3.0.2 via deserialization of untrusted input in the get_post_data function. This makes it possible for authenticated attackers, with contributor access or higher, to inject a PHP Object. No POP chain is present in the vulnerable plugin. If a POP chain is present via an additional plugin or theme installed on the target system, it could allow the attacker to delete arbitrary files, retrieve sensitive data, or execute code. |
References: |
https://www.wordfence.com/threat-intel/vulnerabilities/id/9ec1aed2-d299-4fa9-add6-10b63ed6aa30?source=cve
https://plugins.trac.wordpress.org/changeset/3054910/meta-tag-manager/trunk/meta-tag-manager.php
|
|
|
Copyright 2024, cxsecurity.com
|
|
|
