Divi Booster WordPress Plugin Unauthenticated PHP Object Injection Vulnerability

Vulnerability

A vulnerability in the Divi Booster WordPress plugin, affecting versions prior to 5.0.2, allows unauthenticated users to modify plugin options. The issue arises from a lack of authorization and Cross-Site Request Forgery (CSRF) protections in a specific function. Because the plugin passes the affected option data to unserialize(), the same flaw can be escalated to PHP object injection.

Impact

Exploitation of this vulnerability allows unauthorized modification of plugin options and can lead to arbitrary PHP object injection, in which an attacker controls the objects that are deserialized and may thereby execute malicious code.
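The two passages above describe a combination that is common in WordPress plugins: an option-saving handler that neither checks the caller's capability nor verifies a nonce, and that feeds request data straight into unserialize(). The following PHP is an added illustration of that pattern and its hardened counterpart; it is not Divi Booster's code, and the option key, AJAX action, nonce action and settings keys are assumed names chosen for the example.

```php
<?php
// Added illustration (not Divi Booster's code): a hypothetical WordPress
// admin-ajax handler that saves a plugin option, first in the flawed pattern
// the advisory describes, then hardened.
//
// Assumed names: option key 'example_plugin_settings', AJAX action
// 'example_plugin_save', nonce action 'example_plugin_save_nonce'.

// --- Flawed pattern: no capability check, no nonce, unserialize() on request data ---
function example_plugin_save_settings_vulnerable() {
    // Nothing here verifies who sent the request (authorization) or that it
    // originated from the plugin's own settings page (CSRF).
    $raw = isset( $_POST['settings'] ) ? wp_unslash( $_POST['settings'] ) : '';
    // unserialize() on attacker-controlled bytes instantiates whatever class
    // the string names, so magic methods of any loaded class can run.
    $settings = unserialize( $raw );
    update_option( 'example_plugin_settings', $settings );
    wp_send_json_success();
}
// The flawed handler would be registered like this; a wp_ajax_nopriv_ hook
// makes it reachable without logging in. Left commented out so this file only
// registers the hardened handler below.
// add_action( 'wp_ajax_example_plugin_save', 'example_plugin_save_settings_vulnerable' );
// add_action( 'wp_ajax_nopriv_example_plugin_save', 'example_plugin_save_settings_vulnerable' );

// --- Hardened version ---
function example_plugin_save_settings_hardened() {
    // 1. CSRF: the request must carry a nonce issued to this user for this action.
    check_ajax_referer( 'example_plugin_save_nonce', 'nonce' );

    // 2. Authorization: only users allowed to manage options may change them.
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_send_json_error( 'forbidden', 403 );
    }

    // 3. Never unserialize request data. Accept JSON decoded to arrays only.
    $raw      = isset( $_POST['settings'] ) ? wp_unslash( $_POST['settings'] ) : '';
    $settings = json_decode( $raw, true );
    if ( ! is_array( $settings ) ) {
        wp_send_json_error( 'invalid settings', 400 );
    }

    // 4. Allow-list known keys and coerce each value to its expected type,
    //    so nothing unexpected is persisted to wp_options.
    $clean = array(
        'enable_fix' => ! empty( $settings['enable_fix'] ),
        'custom_css' => isset( $settings['custom_css'] )
            ? wp_strip_all_tags( (string) $settings['custom_css'] )
            : '',
    );
    update_option( 'example_plugin_settings', $clean );
    wp_send_json_success();
}
add_action( 'wp_ajax_example_plugin_save', 'example_plugin_save_settings_hardened' );
// Deliberately no wp_ajax_nopriv_ registration: unauthenticated requests never
// reach the handler at all.

// If a PHP-serialized format genuinely cannot be avoided (for example, legacy
// data already stored in the database), refuse to instantiate any object:
// unknown classes come back as __PHP_Incomplete_Class instead of live objects.
function example_plugin_safe_unserialize( $raw ) {
    $value = @unserialize( $raw, array( 'allowed_classes' => false ) );
    // unserialize() returns false both on failure and for the literal "b:0;".
    return ( false === $value && 'b:0;' !== $raw ) ? null : $value;
}
```

The three controls are independent, and the advisory's remediation (updating to a release that adds them) is the right fix for the plugin itself; for defenders reviewing their own code, the most durable change is the third one, since a nonce and capability check only limit who can reach unserialize(), whereas removing unserialize() from the request path removes the object-injection sink entirely.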

Reproduction

To reproduce this vulnerability, the Divi theme must be active, and the plugin settings should have been saved at least once to activate the plugin's fix. Once these conditions are met, an unauthenticated request can be sent to upload a crafted file that exploits the vulnerability. After the upload, the modified option can be verified in the WordPress options table.

Remediation

Users are advised to update the Divi Booster WordPress plugin to version 5.0.2 or later.

Added: Mar 11, 2026, 6:22 AM
Updated: Mar 11, 2026, 6:22 AM

Vulnerability Rating

Custom Algorithm

spread: 0.0
impact: 7.5
exploitability: 7.7
remediation: 0.0
relevance: 3.8
threat: 6.4
urgency: 2.9
incentive: 4.2

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.