DesignThemes Vivagh WordPress Theme PHP Object Injection Vulnerability

A deserialization vulnerability allowing object injection has been identified in the WordPress Vivagh theme, affecting versions through 2.4. This vulnerability could lead to various types of code injection, including PHP object injection, SQL injection, and path traversal, as well as causing a denial-of-service, especially if a suitable payload execution chain is available.

Impact

Exploitation of this vulnerability could allow for PHP object injection, which could be leveraged to execute arbitrary code, inject malicious SQL, traverse directories in an unauthorized manner, or cause a denial-of-service condition.

Remediation

Users of the Vivagh WordPress theme are advised to update to a version later than 2.4. For immediate protection, Patchstack offers a mitigation rule that can be applied to block potential exploitation of this vulnerability.