Schema Plugin For WordPress Object Instantiation Vulnerability

Vulnerability

A vulnerability allowing PHP object instantiation (PHP object injection) through the deserialization of untrusted input has been identified in the Schema Plugin For Divi, Gutenberg & Shortcodes for WordPress. The issue affects all versions up to and including 4.3.2. Authenticated attackers with Contributor-level access or higher can exploit it by injecting a PHP object via the wpt_schema_breadcrumbs shortcode. The vulnerable plugin itself contains no known POP (property-oriented programming) chain, but the impact could be significant if another installed plugin or theme provides one: depending on the specific chain available, the attacker could delete files, access sensitive information, or execute code.

Impact

Exploitation of this vulnerability could lead to unauthorized object injection, with potential for further exploitation if a POP chain is available through another plugin or theme.
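For sites that cannot yet rule out exposure, the following added example (not code from the plugin or from this advisory) audits exported post content for wpt_schema_breadcrumbs shortcodes that carry PHP serialized-object markers, including HTML-escaped, URL-encoded and base64-encoded forms. It assumes posts are available as rows with id, author and content fields; the sample rows and the "items" attribute name are constructed for illustration.

```python
import base64
import binascii
import html
import re
from urllib.parse import unquote

# Shortcode name comes from the advisory; attribute names are not assumed.
SHORTCODE = re.compile(r"\[wpt_schema_breadcrumbs\b([^\]]*)\]", re.IGNORECASE)
# PHP serialize() object markers: O:<len>:"Class":<count>:{ or C:<len>:"Class":<len>:{
PHP_OBJECT = re.compile(r'(?<![A-Za-z0-9])[OC]:\+?\d+:"([A-Za-z_\\][A-Za-z0-9_\\]*)":\d+:\{')
B64_TOKEN = re.compile(r"[A-Za-z0-9+/]{16,}={0,2}")


def decoded_views(body):
    """Yield the shortcode body as written plus common decodings of it."""
    yield body
    yield html.unescape(body)
    yield unquote(body)
    for token in B64_TOKEN.findall(body):
        try:
            yield base64.b64decode(token, validate=True).decode("utf-8", "replace")
        except (binascii.Error, ValueError):
            continue


def find_serialized_objects(posts):
    """Return (post_id, author, class_name) for each serialized object found."""
    hits = []
    for post in posts:
        for match in SHORTCODE.finditer(post["content"]):
            classes = set()
            for view in decoded_views(match.group(1)):
                classes.update(PHP_OBJECT.findall(view))
            hits.extend((post["id"], post["author"], c) for c in sorted(classes))
    return hits


# Constructed sample rows; the "items" attribute name is hypothetical.
SAMPLE_POSTS = [
    {"id": 101, "author": "editor1", "content": "[wpt_schema_breadcrumbs]"},
    {"id": 102, "author": "contrib7",
     "content": "Intro [wpt_schema_breadcrumbs items='O:8:\"stdClass\":0:{}'] end"},
    {"id": 103, "author": "contrib7", "content": "[wpt_schema_breadcrumbs items=&quot;"
     + base64.b64encode(b'O:8:"stdClass":0:{}').decode() + "&quot;]"},
    {"id": 104, "author": "author2", "content": "[gallery ids='O:8:\"stdClass\":0:{}']"},
]

if __name__ == "__main__":
    print(find_serialized_objects(SAMPLE_POSTS))
```

A hit identifies the post and author to review; the class name reported is the one an installed plugin or theme would need to supply a POP chain for.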

Added: Oct 3, 2025, 12:42 PM
Updated: Oct 3, 2025, 12:42 PM

Vulnerability Rating

Custom Algorithm

spread: 0.0
impact: 5.0
exploitability: 5.2
remediation: 0.0
relevance: 0.6
threat: 0.0
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.