WordPress Sayfa Sayaç Plugin <= 2.6 is vulnerable to PHP Object Injection
CVE-2023-49778

10 CRITICAL

Key Information:

Vendor
WordPress
CVE Published:
21 December 2023

Summary

A deserialization of untrusted data vulnerability exists in the Sayfa Sayac plugin created by Hakan Demiray. This issue can lead to PHP object injection attacks, potentially allowing unauthorized actions on the affected WordPress sites. The vulnerability affects all Sayfa Sayac versions up to and including 2.6, raising significant concerns for users relying on this plugin for tracking site visits.

Affected Version(s)

Sayfa Sayac <= 2.6

References

CVSS V3.1

Score:
10
Severity:
CRITICAL
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Rafie Muhammad (Patchstack)