GoodLayers Goodlayers Hotel PHP Object Injection Vulnerability
Vulnerability
A deserialization vulnerability allowing object injection has been identified in the GoodLayers Hotel WordPress plugin, affecting versions through 3.1.4. This vulnerability could lead to various types of code injection, including SQL injection, path traversal, and denial-of-service, especially if a suitable property-oriented programming chain is exploited.
Impact
Exploitation of this vulnerability could allow for PHP object injection, which may lead to arbitrary code execution, SQL injection, path traversal, denial-of-service, and potentially more, depending on the presence of a suitable property-oriented programming chain.
Remediation
Users are advised to update the GoodLayers Hotel WordPress plugin to a version later than 3.1.4. For those unable to update immediately, Patchstack offers a virtual patch that can be applied to mitigate the vulnerability until an official update is available.
Vulnerability Rating
Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.