WordPress Muzaara Google Ads Report Plugin PHP Object Injection Vulnerability
Vulnerability
A deserialization vulnerability allowing PHP object injection has been identified in the Muzaara Google Ads Report plugin for WordPress, affecting versions through 3.1. This vulnerability arises from the deserialization of untrusted data, which could lead to object injection exploits.
Impact
Exploitation of this vulnerability allows for PHP object injection, a type of vulnerability where an attacker can manipulate the deserialization process to inject malicious objects. This could potentially lead to arbitrary code execution, SQL injection, path traversal, or a denial-of-service condition, depending on the presence of a suitable object injection chain.
Remediation
Users are advised to update to a version of the Muzaara Google Ads Report plugin for WordPress that is later than 3.1. Patchstack has issued a virtual patch to mitigate this vulnerability by blocking attacks until an official fix is available.
Vulnerability Rating
Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.