ConvertPlug Plugin Vulnerable to PHP Object Injection
CVE-2024-3240

8.8HIGH

Key Information:

Vendor: Wordpress
Status: Convertplug
Vendor: CVE Published:; 4 May 2024

Summary

The ConvertPlug plugin for WordPress, including all versions up to and including 3.5.25, is subject to a PHP Object Injection vulnerability. This issue arises from the deserialization of untrusted input originating from the 'settings_encoded' attribute of the 'smile_info_bar' shortcode. Authenticated attackers, possessing contributor-level access or higher, could exploit this vulnerability to inject PHP objects. In scenarios where a potentially dangerous PHP Object Pollution (POP) chain is present through other plugins or themes on the system, this could facilitate various malicious activities, including the deletion of arbitrary files, retrieval of sensitive data, or unauthorized code execution.

Affected Version(s)

ConvertPlug * <= 3.5.25

References

https://www.wordfence.com/threat-intel/vulnerabilities/id...

https://www.convertplug.com/plus/product/convertplug/

CVSS V3.1

Score:

8.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
May 4, 2024
Vulnerability Reserved
Apr 2, 2024

Credit

1337_Wannabe