PHP Object Injection Vulnerability in Glossary by WPPedia Plugin for WordPress
CVE-2025-4803

7.2 HIGH

What is CVE-2025-4803?

The Glossary by WPPedia plugin for WordPress is vulnerable to PHP Object Injection: it deserializes untrusted data supplied through the 'posttypes' parameter, which allows authenticated attackers with Administrator-level access to inject a PHP object into the application. The plugin itself contains no known Property-Oriented Programming (POP) chain, so the impact depends on whether another plugin or theme installed on the site provides one; if it does, an attacker could use that chain to delete arbitrary files, retrieve sensitive data, or execute code.
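The code below is an added illustration of the defect class the advisory describes and of the usual fix; it is not the plugin's code, and nothing in it reproduces the actual vulnerable handler. Only the parameter name 'posttypes' comes from the advisory. The function names, the option structure and the sample inputs are constructed for this example; in a real WordPress plugin the registered post type names would come from the core function get_post_types().

```php
<?php
// Added example, not code from the Glossary by WPPedia plugin.
// Shows the unsafe pattern behind a PHP Object Injection finding
// (unserialize() on a request parameter) next to two hardened variants.

// UNSAFE: unserialize() on attacker-controlled input instantiates any class
// loaded on the site and runs its __wakeup()/__destruct() magic methods.
// Whether that is exploitable depends on a POP chain being present somewhere
// in the installed code, which is exactly the risk the advisory describes.
function save_posttypes_unsafe(array $request): array
{
    $posttypes = unserialize($request['posttypes'] ?? ''); // untrusted data
    return is_array($posttypes) ? $posttypes : [];
}

// SAFER (format preserved): if the serialized format must be kept for
// backwards compatibility, forbid object instantiation outright. Any object in
// the payload becomes __PHP_Incomplete_Class and no magic method runs.
function save_posttypes_no_classes(array $request, array $registered): array
{
    $posttypes = unserialize($request['posttypes'] ?? '', ['allowed_classes' => false]);
    return filter_posttypes($posttypes, $registered);
}

// PREFERRED: carry a plain list of strings as JSON, which cannot encode PHP
// objects at all, then allow-list against the post types the site registers.
function save_posttypes_safe(array $request, array $registered): array
{
    try {
        $posttypes = json_decode($request['posttypes'] ?? '', true, 512, JSON_THROW_ON_ERROR);
    } catch (JsonException $e) {
        return [];
    }
    return filter_posttypes($posttypes, $registered);
}

// Keep only scalar strings that name a registered post type; drop everything else.
function filter_posttypes(mixed $value, array $registered): array
{
    if (!is_array($value)) {
        return [];
    }
    $clean = [];
    foreach ($value as $item) {
        if (is_string($item) && in_array($item, $registered, true)) {
            $clean[] = $item;
        }
    }
    return array_values(array_unique($clean));
}

// --- constructed demonstration input (not captured traffic) ---
$registered = ['post', 'page', 'glossary']; // hypothetical registered post types

// A well-formed request from the settings form.
$good = ['posttypes' => json_encode(['post', 'glossary'])];
var_dump(save_posttypes_safe($good, $registered)); // ["post", "glossary"]

// A payload carrying a serialized object of an arbitrary class (the class is
// a placeholder; the point is that it never gets instantiated).
$bad = ['posttypes' => 'O:11:"SomeClassXY":0:{}'];
var_dump(save_posttypes_safe($bad, $registered));       // [] (invalid JSON)
var_dump(save_posttypes_no_classes($bad, $registered)); // [] (incomplete class, not an array)

// A list that is valid JSON but names an unregistered type is filtered too.
$mixed = ['posttypes' => json_encode(['page', 'not_a_type', 42])];
var_dump(save_posttypes_safe($mixed, $registered)); // ["page"]
```

The allow-list step matters independently of the deserialization fix: once the value can only be a list of known post type names, the handler no longer needs to trust anything about the request body's structure, and a later change of storage format cannot quietly reintroduce object instantiation.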

Affected Version(s)

Glossary by WPPedia – Best Glossary plugin for WordPress: <= 1.3.0

References

CVSS V3.1

Score: 7.2
Severity: HIGH
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Network
Attack Complexity: Low
Privileges Required: High
User Interaction: None
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Drew Webber