ThemeGoods Photography WordPress Theme Unauthenticated PHP Object Injection Vulnerability

A deserialization vulnerability allowing PHP object injection has been identified in the ThemeGoods Photography WordPress theme, affecting versions through 7.5.2. This vulnerability could potentially lead to various types of code injection, including SQL injection, path traversal, and denial-of-service, if exploited within the right context.

Impact

Exploitation of this vulnerability could allow for unauthorized PHP object injection, which is a type of injection vulnerability that can lead to arbitrary code execution, SQL injection, path traversal, denial-of-service, and more, depending on the presence of a suitable object injection chain.

Remediation

Users are advised to update to a version of the ThemeGoods Photography WordPress theme later than 7.5.2. For those unable to update immediately, Patchstack offers a virtual patch that blocks attacks targeting this vulnerability.