DesignThemes Crafts & Arts PHP Object Injection Vulnerability

A deserialization vulnerability allowing object injection has been identified in the WordPress theme Crafts & Arts, affecting versions through 2.5. This vulnerability arises from the improper handling of untrusted data, which could lead to various injection attacks, including code injection, SQL injection, and path traversal, especially if a suitable object injection chain is exploited.

Impact

Exploitation of this vulnerability could allow for PHP object injection, which generally could lead to code execution, SQL injection, path traversal, denial of service, and more, depending on the presence of a proper object injection chain.

Remediation

Users of the Crafts & Arts WordPress theme are advised to update to version 2.5 or later. For those unable to update immediately, Patchstack offers a virtual patch that can be applied to mitigate this vulnerability.