WordPress Smart Sections Theme Builder PHP Object Injection Vulnerability

A PHP object injection vulnerability has been identified in the WordPress Smart Sections Theme Builder - WPBakery Page Builder Addon, affecting versions through 1.7.8. This vulnerability arises from the deserialization of untrusted data, which could potentially allow for code execution, SQL injection, path traversal, denial-of-service, and more, if a suitable object injection chain is exploited.

Impact

Exploitation of this vulnerability could lead to PHP object injection, allowing for various types of code injection or manipulation, such as executing arbitrary code, injecting malicious SQL that could be executed against the database, traversing the file system in an unintended way, or causing a denial-of-service condition.

Remediation

Users are advised to update to a version later than 1.7.8. For those unable to update immediately, Patchstack has provided a virtual patch that blocks attacks targeting this vulnerability.