PHP Object Injection Vulnerability in Play.ht Plugin for WordPress by Play.ht
CVE-2024-1772

8.8HIGH

Key Information:

Vendor: Wordpress
Status: Play.ht – Make Your Blog Posts Accessible With Text To Speech Audio
Vendor: CVE Published:; 13 March 2024

Summary

The Play.ht – Make Your Blog Posts Accessible With Text to Speech Audio plugin for WordPress is susceptible to PHP Object Injection due to the deserialization of untrusted input from the play_podcast_data post meta. Authenticated attackers with contributor-level access or higher can exploit this vulnerability to inject a PHP Object. While no known Property-Oriented Programming (POP) chain is evident within the vulnerable plugin, if a POP chain exists through an additional plugin or theme installed on the WordPress site, the risk escalates. Attackers may potentially delete arbitrary files, extract sensitive information, or execute malicious code, compromising the integrity and safety of the WordPress environment.

Affected Version(s)

Play.ht – Make Your Blog Posts Accessible With Text to Speech Audio * <= 3.6.4

References

https://www.wordfence.com/threat-intel/vulnerabilities/id...

https://plugins.trac.wordpress.org/browser/play-ht/trunk/...

CVSS V3.1

Score:

8.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Mar 13, 2024
Vulnerability Reserved
Feb 22, 2024

Credit

Francesco Carlucci