WordPress Tasty Daily Theme PHP Object Injection Vulnerability

A deserialization vulnerability allowing object injection has been identified in the WordPress Tasty Daily theme, affecting versions prior to 1.27. This vulnerability arises from the improper handling of untrusted data, which could potentially lead to various forms of code injection, including SQL injection, path traversal, and denial-of-service, especially if a suitable payload execution chain is established.

Impact

Exploitation of this vulnerability could allow for PHP object injection, which is a high-risk issue that could be leveraged to execute arbitrary code, inject malicious SQL, traverse file paths inappropriately, cause a denial-of-service, and more, depending on the presence of a proper payload execution chain.

Remediation

Users are advised to update the Tasty Daily theme to version 1.27 or later. Patchstack has also provided a mitigation rule to block attacks targeting this vulnerability until the update is applied.