Glossary by WPPedia WordPress Plugin PHP Object Injection Vulnerability

Vulnerability

A PHP Object Injection vulnerability has been identified in the Glossary by WPPedia WordPress plugin, affecting all versions through 1.3.0. The vulnerability arises from the deserialization of untrusted input in the 'posttypes' parameter, allowing authenticated attackers with Administrator-level access to inject a PHP object. While the vulnerable plugin itself does not have a known property-oriented programming (POP) chain, the vulnerability could be exploited if another plugin or theme with a POP chain is installed (a class whose magic methods such as __destruct or __wakeup act on attacker-controlled properties), potentially leading to actions such as deleting arbitrary files, accessing sensitive data, or executing code, depending on the nature of the POP chain.

Impact

Exploitation of this vulnerability allows an attacker to instantiate an arbitrary class that is loaded in the WordPress process; the actual consequences depend on whether a usable POP chain exists in another installed plugin or theme. Because Administrator-level access is required, the added risk is greatest where administrators are otherwise prevented from installing or editing code, such as site administrators on a multisite network who are not super admins.

Reproduction

To reproduce this vulnerability, an authenticated user with Administrator-level access sends a request in which the 'posttypes' parameter contains a serialized PHP object (a string of the form O:<length>:"<class name>":...) instead of the expected value, to whichever plugin request handler reads that parameter. The plugin passes the value to unserialize(), which instantiates the named class with attacker-controlled properties; if that class is a gadget from another plugin or theme, its magic methods run with those properties.
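The following is an added illustration, not code from the Glossary by WPPedia plugin or from any real gadget. It shows, with a hypothetical gadget class standing in for one that another plugin or theme might autoload, why unserialize() on a request parameter is only dangerous in combination with such a class, and how restricting allowed classes or switching to JSON neutralises the injected object. The class name HypotheticalLogCleaner, the handler function names, the wp-config.php path in the payload and the ['post', 'page'] example value are all assumptions made for the demonstration.

```php
<?php
// Added example (not the plugin's code). Demonstrates PHP Object Injection
// via a request parameter and two hardened alternatives.

// HYPOTHETICAL gadget: stands in for a class some *other* plugin or theme
// might load. __destruct() runs automatically when the object is freed, so
// merely unserializing it is enough to trigger the side effect.
class HypotheticalLogCleaner
{
    public $path;

    public function __destruct()
    {
        // A real chain might call unlink(), file_put_contents(), eval(), ...
        echo "[gadget] __destruct would act on: {$this->path}\n";
    }
}

// Vulnerable pattern: untrusted request data passed straight to unserialize().
function vulnerable_handler(string $posttypes)
{
    return unserialize($posttypes);               // any loaded class is fair game
}

// Hardened pattern (a): keep PHP serialization but refuse every class.
// Objects come back as __PHP_Incomplete_Class, which has no magic methods.
function hardened_handler_unserialize(string $posttypes)
{
    return unserialize($posttypes, ['allowed_classes' => false]);
}

// Hardened pattern (b): use JSON for request data; json_decode(..., true)
// can only ever produce scalars and arrays.
function hardened_handler_json(string $posttypes): ?array
{
    $decoded = json_decode($posttypes, true);
    return is_array($decoded) ? $decoded : null;
}

// Heuristic pre-check usable in a request filter or log search: serialized
// PHP objects start with O:<len>:"<class>" (C: for custom serializers).
// It is a detection aid, not a substitute for the fixes above.
function looks_like_serialized_object(string $value): bool
{
    return (bool) preg_match('/(^|[;{])[OC]:\d+:"/', $value);
}

// Constructed payload, i.e. what an attacker would put in 'posttypes'.
// Equivalent to serialize() of a HypotheticalLogCleaner with the path set;
// written out by hand so that no gadget object exists yet at this point.
$payload = 'O:22:"HypotheticalLogCleaner":1:{s:4:"path";s:27:"/var/www/html/wp-config.php";}';

// Constructed legitimate value (assumed shape: an array of post type slugs).
$legit = serialize(['post', 'page']);

echo "payload flagged: " . var_export(looks_like_serialized_object($payload), true) . "\n"; // true
echo "legit flagged:   " . var_export(looks_like_serialized_object($legit), true) . "\n";   // false

// 1. Vulnerable: the gadget class is instantiated with our property value.
$obj = vulnerable_handler($payload);
echo get_class($obj) . "\n";   // HypotheticalLogCleaner
unset($obj);                   // prints "[gadget] __destruct would act on: /var/www/html/wp-config.php"

// 2. Hardened (a): same payload, but the class is never instantiated.
$obj = hardened_handler_unserialize($payload);
echo get_class($obj) . "\n";   // __PHP_Incomplete_Class
unset($obj);                   // nothing happens; the chain cannot start

// Legitimate data still round-trips under the hardened handler.
print_r(hardened_handler_unserialize($legit));       // Array ( [0] => post [1] => page )

// 3. Hardened (b): JSON input, objects are impossible by construction.
print_r(hardened_handler_json('["post","page"]'));    // Array ( [0] => post [1] => page )
var_dump(hardened_handler_json($payload));           // NULL (not valid JSON)
```

Run it with `php demo.php`. The important observation is the difference between steps 1 and 2: the payload is identical, but with allowed_classes set to false the gadget's __destruct never runs because the gadget class is never instantiated, which is exactly why the plugin's exposure depends on which other classes are loaded in the same process.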

Remediation

No known patch is available. It is recommended to uninstall the affected plugin and find a replacement. Until that is done, review other installed plugins and themes for classes that implement __destruct, __wakeup or __toString and act on their own properties, since the presence of such a gadget is what turns this issue into file deletion, data exposure or code execution.

Added: Jun 9, 2025, 7:46 PM
Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread          0.0
impact         10.0
exploitability  5.8
remediation     0.0
relevance       0.0
threat          4.8
urgency         2.9
incentive       1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.