WordPress Quick Count Plugin PHP Object Injection Vulnerability

A deserialization vulnerability allowing object injection has been identified in the WordPress Quick Count plugin, affecting versions through 3.00. This vulnerability could lead to PHP object injection, with potential consequences such as code execution, SQL injection, path traversal, or denial of service, depending on the presence of a suitable payload exploitation chain.

Impact

Exploitation of this vulnerability could allow for PHP object injection, with associated risks of executing arbitrary code, injecting malicious SQL, traversing file paths inappropriately, causing a denial of service, or more, if a proper object injection payload chain is utilized.

Remediation

Users of the WordPress Quick Count plugin are advised to update to a version later than 3.00, as no official fix is currently available. However, Patchstack has issued a virtual patch that can be applied immediately to mitigate this vulnerability.