WordPress Plugin Vulnerabilities

Smush Image Compression and Optimization <= 2.9.1 - Authenticated Phar Deserialization

Description

The Smush – Lazy Load Images, Optimize & Compress Images WordPress plugin was affected by an Authenticated Phar Deserialization security vulnerability.

Affects Plugins

wp-smushit

Fixed in version 3.9.9

References

URL

https://blog.ripstech.com/2018/new-php-exploitation-technique/

URL

https://plugins.trac.wordpress.org/changeset/1990348/wp-smushit

Classification

Type

OBJECT INJECTION

OWASP top 10

A8: Insecure Deserialization

CWE

CWE-502

Miscellaneous

Original Researcher

RIPS Technologies

Submitter

Ryan Dewhurst

Submitter twitter

ethicalhack3r

Verified

WPVDB ID

b5bf5f41-aad3-45be-9cab-ab846b94003a

Timeline

Publicly Published

2018-12-08 (about 4 years ago)

Added

2018-12-10 (about 4 years ago)

Last Updated

2022-05-03 (about 9 months ago)

Our Other Services

WPScan WordPress Security Plugin