Meta Tag Manager Vulnerable to PHP Object Injection
CVE-2024-1770

8.8HIGH

Key Information:

Vendor: Wordpress
Status: Meta Tag Manager
Vendor: CVE Published:; 28 March 2024

Summary

The Meta Tag Manager plugin for WordPress, in all versions up to and including 3.0.2, is exposed to a PHP Object Injection vulnerability stemming from the unsafe deserialization of untrusted input within the get_post_data function. This vulnerability permits authenticated attackers with contributor access or higher to inject a PHP object. While a prerequisite for a property-oriented programming (POP) chain does not exist within the vulnerable plugin itself, if a POP chain exists through another plugin or theme on the same WordPress installation, it could empower an attacker to delete arbitrary files, extract sensitive data, or execute arbitrary code, amplifying the risk posed by this vulnerability.

Affected Version(s)

Meta Tag Manager * <= 3.0.2

References

https://www.wordfence.com/threat-intel/vulnerabilities/id...

https://plugins.trac.wordpress.org/changeset/3054910/meta...

CVSS V3.1

Score:

8.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Mar 28, 2024
Vulnerability Reserved
Feb 22, 2024

Credit

Francesco Carlucci