CozyStay and TinySalt WordPress Plugins PHP Object Injection Vulnerability
Vulnerability
A PHP Object Injection vulnerability has been identified in the CozyStay and TinySalt WordPress plugins. This issue affects all versions of CozyStay through 1.7.0 and all versions of TinySalt through 3.9.0. The vulnerability arises from the deserialization of untrusted input in the 'ajax_handler' function, allowing unauthenticated attackers to inject PHP objects. While no known Property-Oriented Programming (POP) chain exists within the vulnerable plugins, the impact could be significant if a POP chain is introduced through another plugin or theme, potentially enabling actions such as deleting arbitrary files, accessing sensitive data, or executing code, depending on the specific POP chain available.
Impact
Exploitation of this vulnerability could lead to PHP Object Injection, allowing for the injection of PHP objects that could be exploited if a Property-Oriented Programming (POP) chain is present via another plugin or theme.
Remediation
Users are advised to update the CozyStay plugin to version 1.7.1 or later, and the TinySalt plugin to version 3.10.0 or later.
Vulnerability Rating
Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.