ThemeGoods Grand Tour WordPress Travel Agency PHP Object Injection Vulnerability

A deserialization vulnerability allowing object injection has been identified in the ThemeGoods Grand Tour WordPress theme, affecting versions through 5.5.1. This vulnerability could lead to PHP object injection, which, if exploited, might allow a malicious actor to execute code injection, SQL injection, path traversal, denial-of-service, and more, provided a suitable property-oriented programming chain is available.

Impact

Exploitation of this vulnerability could result in PHP object injection, allowing for various attacks such as code injection, SQL injection, path traversal, and denial-of-service, depending on the presence of a proper object-oriented programming chain.

Remediation

Users of the Grand Tour WordPress theme are advised to update to a version later than 5.5.1. For those seeking immediate protection, Patchstack offers a virtual patch that blocks attacks targeting this vulnerability.