WordPress PHP/MySQL CPU Performance Statistics Plugin Object Injection Vulnerability

A deserialization vulnerability allowing object injection has been identified in the WordPress PHP/MySQL CPU Performance Statistics Plugin, affecting versions through 1.2.1. This vulnerability could lead to PHP object injection, with potential consequences such as code execution, SQL injection, path traversal, or denial of service, depending on the presence of a suitable object injection chain.

Impact

Exploitation of this vulnerability allows for PHP object injection, which could be leveraged to execute arbitrary code, inject malicious SQL, traverse file paths inappropriately, cause a denial of service, or exploit other vulnerabilities, if a proper object injection chain is available.

Remediation

Users are advised to update to a version of the WordPress PHP/MySQL CPU Performance Statistics Plugin that is later than 1.2.1. For those unable to update, Patchstack offers a virtual patch that can be applied to mitigate this vulnerability.