PHP Object Injection Vulnerability in SecureMoz Security Audit Plugin for WordPress
CVE-2015-6828
Currently unrated
Summary
The tweet_info function in class/__functions.php of the SecureMoz Security Audit plugin for WordPress, version 1.0.5 and earlier, downloads serialized data without using an HTTPS session. A man-in-the-middle attacker can therefore manipulate the client-server data stream and, through a PHP object injection attack, execute arbitrary PHP code. This puts websites that use the plugin at significant risk.
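The pattern described in the summary, reduced to plain PHP as an added example (not the plugin's code), with a hardened decode beside it. It assumes the downloaded data is decoded with unserialize(); the class, function names, array keys and sample responses are constructed for illustration.

```php
<?php
// Added example, not code from the SecureMoz plugin. All names and data are constructed.

// Stand-in for any class already loaded on the site whose magic methods have side effects.
class CacheFile {
    public $path = '/tmp/example-cache';
    public static $wakeups = 0;
    public function __wakeup() { self::$wakeups++; } // runs during unserialize()
}

// Pattern to avoid: whatever bytes arrive are turned back into PHP values,
// including objects of any loaded class.
function decode_unsafe(string $body) {
    return unserialize($body);
}

// Hardened decode: never instantiate objects and accept only the expected
// shape (a flat array of scalars). Requires PHP 7.0+ for the options argument.
function decode_safe(string $body): ?array {
    $data = @unserialize($body, ['allowed_classes' => false]);
    if (!is_array($data)) {
        return null;
    }
    foreach ($data as $value) {
        if (!is_scalar($value)) {
            return null; // rejects __PHP_Incomplete_Class and nested structures
        }
    }
    return $data;
}

// Transport check: refuse to fetch remote data over anything but https://.
function is_https_url(string $url): bool {
    return strtolower((string) parse_url($url, PHP_URL_SCHEME)) === 'https';
}

// Constructed responses: the expected one, and one altered in transit.
$expected = serialize(['followers' => 120, 'tweets' => 45]);
$tampered = serialize(['followers' => new CacheFile()]);

var_dump(is_https_url('http://api.example.test/info'));  // plain HTTP is refused
var_dump(decode_safe($expected));                        // expected data passes
var_dump(decode_safe($tampered), CacheFile::$wakeups);   // rejected, no object created
decode_unsafe($tampered);
var_dump(CacheFile::$wakeups);                           // object was instantiated
```

Where the remote format is under the site owner's control, exchanging JSON and decoding it with json_decode() removes the object-instantiation path altogether.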