WebDevStudios Constant Contact for WordPress PHP Object Injection Vulnerability

A deserialization vulnerability allowing object injection has been identified in the WebDevStudios Constant Contact for WordPress plugin, affecting versions through 4.1.1. This vulnerability could lead to PHP object injection, which, if exploited, might allow a malicious actor to execute code injection, SQL injection, path traversal, denial of service, and more, provided a suitable property-oriented programming chain is available.

Impact

Exploitation of this vulnerability could result in PHP object injection, allowing for various attacks such as code injection, SQL injection, path traversal, and denial of service, depending on the availability of a proper object-oriented programming chain.

Remediation

Users are advised to update to a version of the WebDevStudios Constant Contact for WordPress plugin that is not affected by this vulnerability. Patchstack has issued a virtual patch to mitigate this issue by blocking attacks until an official fix is available.