Maxim Secudeal Payments for Ecommerce PHP Object Injection Vulnerability

A deserialization vulnerability allowing object injection has been identified in the Secudeal Payments for Ecommerce WordPress plugin, affecting versions through 1.1. This vulnerability arises from the improper handling of untrusted data, which could potentially be exploited to execute arbitrary code, inject malicious SQL, traverse file paths, cause a denial of service, and more, if a suitable object injection chain is available.

Impact

Exploitation of this vulnerability could lead to PHP object injection, allowing for various types of code injection, SQL injection, path traversal, denial of service, and more, depending on the presence of a suitable object injection chain.

Remediation

Users are advised to immediately mitigate this vulnerability. Patchstack has released a mitigation rule to block attacks until an official patch is available.