Vulnerability in Flipbox Builder plugin allows PHP Object Injection
CVE-2024-6152
8.8 HIGH
Key Information:
- Vendor: Flipbox
- CVE Published: 27 July 2024
Summary
The Flipbox Builder plugin for WordPress is vulnerable to PHP Object Injection through deserialization of untrusted input in its flipbox_builder_Flipbox_ShortCode function. The vulnerability affects all versions up to and including 1.5 and allows authenticated users with Contributor-level access or higher to inject arbitrary PHP objects into the application. No known property-oriented programming (POP) chain exists in the vulnerable code itself, but if such a chain is present in another installed plugin or theme, an attacker may be able to delete files, access sensitive information, or execute arbitrary code. Monitoring and timely updates are crucial to mitigating the risks associated with this vulnerability.
CVSS V3.1
- Score: 8.8
- Severity: HIGH
- Confidentiality: High
- Integrity: High
- Availability: High
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: Low
- User Interaction: None
- Scope: Unchanged
Timeline
Vulnerability published
Collectors
NVD Database