WordPress Plugin Vulnerabilities

ToTop Link <= 1.7.1 - Unauthenticated PHP Object Injection

Description

The plugin passes base64 encoded user input to the unserialize() PHP function, which could lead to PHP Object injection if a plugin installed on the blog has a suitable gadget chain.

Proof of Concept

https://example.com/wp-content/plugins/totop-link/totop-link.css.php?vars=base64encoded_payload

Affects Plugins

Plugin icon
totop-link
No known fix

References

CVE
CVE-2021-24857

Classification

Type
OBJECT INJECTION
OWASP top 10
A8: Insecure Deserialization
CWE
CWE-502
CVSS
5.6 (medium)

Miscellaneous

Original Researcher
Muhammed Kara
Submitter
Muhammed Kara
Verified
Yes
WPVDB ID
518204d8-fbf5-4bfa-9db5-835f908f8d8e

Timeline

Publicly Published
2021-11-15 (about 2 years ago)
Added
2021-11-15 (about 2 years ago)
Last Updated
2022-04-23 (about 2 years ago)

Other

Published
Title
Published
2023-01-28
Title
ShopLentor < 2.5.4 - PHP Object Injection
Published
2023-12-05
Title
Genesis Simple Love <= 2.0 - Unauthenticated PHP Object Injection
Published
2024-03-06
Title
PDF Invoices and Packing Slips For WooCommerce < 1.3.8 - Authenticated (Subscriber+) PHP Object Injection
Published
2024-03-26
Title
Sunshine Photo Cart: Free Client Photo Galleries for Photographers < 3.1.2 - Unauthenticated PHP Object Injection
Published
2023-02-08
Title
Replyable < 2.2.10 - Subscriber+ PHP Object Injection