WordPress Plugin Vulnerabilities
String Locator < 2.6.0 - Authenticated PHAR Deserialization
Description
The plugin does not validate a parameter, which could lead to PHAR deserialisation when an attacker manage to upload a malicious file crafted with a suitable gadget chain and having a logged in admin open a malicious link
Affects Plugins
References
CVE
Classification
Type
OBJECT INJECTION
OWASP top 10
CWE
CVSS
Miscellaneous
Original Researcher
Rasoul Jahanshahi
Verified
Yes
WPVDB ID
Timeline
Publicly Published
2022-08-08 (about 1 years ago)
Added
2022-08-08 (about 1 years ago)
Last Updated
2023-05-06 (about 1 years ago)