PHP Object Injection Vulnerability in SecureMoz Security Audit Plugin for WordPress
CVE-2015-6828

Currently unrated

Key Information:

Vendor: WordPress

CVE Published: 16 September 2015

What is CVE-2015-6828?

The SecureMoz Security Audit plugin for WordPress, version 1.0.5 and earlier, contains a vulnerability in the tweet_info function in class/__functions.php. The function does not use an HTTPS session when downloading serialized data, so a man-in-the-middle attacker can modify the client-server data stream. By modifying that stream, the attacker can conduct a PHP object injection attack and execute arbitrary PHP code, which poses a significant risk to websites using this plugin.
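
The description combines two failures: an unauthenticated transport and unserializing the downloaded body. The following added example is not code from the plugin or from this page. It shows why a modified body matters and how a hardened decode rejects it. The names AuditHook, assert_https and decode_remote_info are hypothetical, and both the payload and the URL are constructed.

```php
<?php
// Added example. AuditHook, assert_https and decode_remote_info are
// hypothetical names; none of this is the SecureMoz plugin's code.

// Constructed stand-in for any loaded class whose magic method has a side effect.
final class AuditHook
{
    public static int $fired = 0;
    public function __wakeup(): void { self::$fired++; }
}

// Transport check: refuse plain HTTP so the body cannot be rewritten in transit.
function assert_https(string $url): void
{
    if (strtolower((string) parse_url($url, PHP_URL_SCHEME)) !== 'https') {
        throw new InvalidArgumentException('remote data must be fetched over HTTPS');
    }
}

// Decode check: the payload must not choose which classes get instantiated.
function decode_remote_info(string $body): array
{
    $data = @unserialize($body, ['allowed_classes' => false]);
    if (!is_array($data)) {
        throw new UnexpectedValueException('expected a serialized array');
    }
    array_walk_recursive($data, function ($value): void {
        if (is_object($value)) { // blocked classes arrive as __PHP_Incomplete_Class
            throw new UnexpectedValueException('objects are not accepted');
        }
    });
    return $data;
}

// Constructed payload: what a modified response body could look like.
$tampered = serialize(['text' => 'hello', 'extra' => new AuditHook()]);

unserialize($tampered); // unsafe pattern: instantiates AuditHook, __wakeup runs
echo 'magic methods fired by plain unserialize: ', AuditHook::$fired, PHP_EOL;

try {
    assert_https('https://api.example.test/info'); // placeholder URL, nothing is fetched
    decode_remote_info($tampered);
} catch (UnexpectedValueException $e) {
    echo 'hardened decode rejected payload: ', $e->getMessage(), PHP_EOL;
}
echo 'magic methods fired after hardened decode: ', AuditHook::$fired, PHP_EOL;
```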

Timeline

  • Vulnerability published

  • Vulnerability Reserved