Everest Forms WordPress Plugin Unauthenticated PHP Object Injection Vulnerability

A PHP Object Injection vulnerability has been identified in the Everest Forms WordPress plugin, specifically in versions through 3.1.1. This vulnerability arises from the deserialization of untrusted input in the 'field_value' parameter, allowing unauthenticated attackers to inject PHP objects. While the vulnerable plugin itself does not have a known object injection chain, the impact could be significant if another plugin or theme with such a chain is present, potentially enabling actions like deleting files, accessing sensitive information, or executing code, depending on the nature of the injection chain.

Impact

Exploitation of this vulnerability could lead to PHP Object Injection, allowing attackers to inject objects that could be manipulated if the target site has a suitable object injection chain available through another plugin or theme.

Reproduction

To reproduce this vulnerability, send a request to the WordPress site with the 'field_value' parameter containing a serialized PHP object. This can be done using a tool like Burp Suite or by crafting a custom script that sends the appropriate request. Ensure that the target site has an active version of the Everest Forms plugin that is through 3.1.1 and that another plugin or theme is installed that contains a PHP Object Injection chain.

Remediation

Users are advised to update the Everest Forms WordPress plugin to version 3.1.2 or later.