The joomsport_md_load AJAX action of the plugin, registered for both authenticated and unauthenticated users, unserialised user input from the shattr POST parameter, leading to a PHP Object Injection issue. Even though the plugin itself does not have a suitable gadget chain to exploit this, other installed plugins could provide one, which might lead to more severe issues such as RCE.
POST /wp-admin/admin-ajax.php
[...]
action=joomsport_md_load&mdId=1&shattr=Tzo0OiJURVNUIjowOnt9
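For reviewing captured request bodies, the following added example (not the plugin's code and not part of the original advisory) decodes the shattr parameter and reports any class names the serialized data would ask PHP to instantiate. It assumes shattr is base64-encoded serialize() output, as in the request above; the function names are hypothetical, and the walker only understands scalars, strings, arrays and O: objects, stopping at any other tag.

```python
import base64
import binascii
from urllib.parse import parse_qs

def php_classes(data: bytes) -> list:
    """Walk PHP serialize() output; return class names it asks PHP to instantiate."""
    found, pos = [], 0
    def until(ch: bytes) -> bytes:
        nonlocal pos
        end = data.index(ch, pos)          # ValueError if the delimiter is missing
        tok, pos = data[pos:end], end + 1
        return tok
    def value() -> None:
        nonlocal pos
        tag = data[pos:pos + 1]
        pos += 2                           # skip type tag and ':' (or the ';' of 'N;')
        if tag in (b"b", b"i", b"d"):
            until(b";")
        elif tag == b"s":                  # s:<len>:"<bytes>";  contents are never parsed
            pos += int(until(b":")) + 3
        elif tag in (b"a", b"O"):
            if tag == b"O":                # O:<len>:"<class>":<count>:{...}
                n = int(until(b":"))
                found.append(data[pos + 1:pos + 1 + n].decode("latin-1"))
                pos += n + 3
            count = int(until(b":"))
            pos += 1                       # '{'
            for _ in range(2 * count):     # keys and values alternate
                value()
            pos += 1                       # '}'
        elif tag != b"N":
            raise ValueError("unsupported tag %r" % tag)
    try:
        value()
    except (ValueError, RecursionError):
        pass                               # keep whatever was seen before the error
    return found

def inspect_body(body: str, param: str = "shattr") -> list:
    """Class names carried in the base64 `param` of a form-encoded POST body."""
    names = []
    for v in parse_qs(body).get(param, []):
        try:                               # parse_qs turns a literal '+' into ' '
            names += php_classes(base64.b64decode(v.replace(" ", "+"), validate=True))
        except binascii.Error:
            pass                           # not base64: nothing to unserialise
    return names

POC_BODY = "action=joomsport_md_load&mdId=1&shattr=Tzo0OiJURVNUIjowOnt9"  # body from the request above
```

A non-empty result from `inspect_body` on a request to this action means the body carried a serialized object rather than plain data.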
Bugbang
Bugbang
Yes
2021-06-08 (about 1 years ago)
2021-06-08 (about 1 years ago)
2022-01-17 (about 5 months ago)