WordPress Plugin Vulnerabilities

Post Indexer <= 3.0.6.1 - PHP Object Injection via MitM

Description

The post-indexer WordPress plugin was affected by a PHP Object Injection via MitM security vulnerability.

Affects Plugins

Plugin icon
post-indexer
Fixed in 3.0.6.2

References

CVE
CVE-2016-10948
URL
https://premium.wpmudev.org/project/post-indexer/
URL
https://advisories.dxw.com/advisories/unserialisation-in-post-indexer-could-allow-man-in-the-middle-to-execute-arbitrary-code-in-some-circumstances/
URL
https://seclists.org/fulldisclosure/2016/Nov/107

Classification

Type
OBJECT INJECTION
OWASP top 10
A8: Insecure Deserialization
CWE
CWE-502
CVSS
8.1 (high)

Miscellaneous

Submitter
ethicalhack3r
Submitter twitter
ethicalhack3r
Verified
No
WPVDB ID
5ab5d508-7970-445d-a3e2-0c1c8d55d630

Timeline

Publicly Published
2016-11-17 (about 9 years ago)
Added
2016-11-21 (about 9 years ago)
Last Updated
2020-09-22 (about 5 years ago)

Other

Published
Title
Published
2022-10-10
Title
Customizer Export/Import < 0.9.5 - Admin+ PHP Object Injection
Published
2026-04-08
Title
Zermatt < 1.7 - Unauthenticated PHP Object Injection
Published
2024-02-22
Title
Play.ht – Make Your Blog Posts Accessible With Text to Speech Audio <= 3.6.4 - Authenticated (Contributor+) PHP Object Injection
Published
2026-03-04
Title
Jardi | Winery, Vineyard & Wine Shop WordPress Theme <= 1.7.2 - Unauthenticated PHP Object Injection
Published
2023-12-05
Title
BCorp Shortcodes <= 0.23 - Unauthenticated PHP Object Injection