Universal Slider Vulnerable to PHP Object Injection in WordPress
CVE-2024-5649

8.8HIGH

Key Information:

Vendor: Webhuntinfotech
Status: Universal Slider
Vendor: CVE Published:; 19 June 2024

Summary

The Universal Slider plugin for WordPress, up to and including version 1.6.5, is vulnerable to PHP Object Injection due to the deserialization of untrusted input through the 'fsl_get_gallery_value' function. This vulnerability allows authenticated users with Contributor-level access and higher to potentially inject PHP objects. Although no known proof of concept (POP) chain exists within the vulnerable software itself, if an additional plugin or theme included in the target system provides a POP chain, the attacker could exploit this vulnerability to delete arbitrary files, retrieve sensitive information, or execute malicious code.

Affected Version(s)

Universal Slider * <= 1.6.5

References

https://www.wordfence.com/threat-intel/vulnerabilities/id...

https://plugins.trac.wordpress.org/browser/fusion-slider/...

CVSS V3.1

Score:

8.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Jun 19, 2024
Vulnerability Reserved
Jun 4, 2024

Collectors

NVD DatabaseMitre Database

Credit

Francesco Carlucci