New WordPress vulnerability discovered

by WarriorForum.com Administrator

Posted: 2 years ago 0 replies

INTERNET MARKETING

Due to incorrect input sanitization, a PHP Object injection vulnerability that allowed base64 encoded user input was addressed by a WordPress anti-spam plugin with over 60,000 installations.

The plugin's goal is to eliminate spam from sign-up forms, comments, and other areas. Spam bots can be stopped, and users can input IP addresses to prohibit them.

Any WordPress plugin or form that accepts user input is necessary to only allow the inputs that are intended, such as text, photos, and email addresses.

Filtering out unexpected inputs is necessary. Sanitization is the term for the filtering procedure that keeps undesirable inputs out.

The vulnerability is published on the WPScan website:

"The plugin passes base64 encoded user input to the unserialize() PHP function when CAPTCHA are used as second challenge, which could lead to PHP Object injection if a plugin installed on the blog has a suitable gadget chain..."

You can read the full details on WPScan here.

#discovered #vulnerability #wordpress

Trending Topics

7 {{ upvoteCount | shortNum }}

What would you do with a $1,000 to use for your IM??

GordonJ 9 hours ago in Internet Marketing

One of our tests several years ago was to give away one thousand dollars to people who submitted a well thought out plan on how to use it, to make ... [read more]

4 Replies
Share
29 {{ upvoteCount | shortNum }}

Can you succeed by doing no more than the competition-

barriethethinker 2 days ago in Internet Marketing

If I take a category like gardening, there are many sellers who sell a whole load of similar stuff to each other, to a large extent. They all sell tulips ... [read more]

12 Replies
Share
22 {{ upvoteCount | shortNum }}

New member, email marketing enthusiast

ForgeSMTP 3 days ago in Beginners Area

Hi buddies, I'm a programmer and Linux/Windows server administrator. I'm quite new here and I missed my introduction while learning for some weeks now. I'm on a mission to developing ... [read more]

13 Replies
Share
15 {{ upvoteCount | shortNum }}

How do search engines crawl meta descriptions of websites?

prasanth1964 1 week ago in SEO

They say in SEO meta descriptions matter a lot. Being that the case people who search using keywords via search engines arrive at web pages of the websites based on ... [read more]

10 Replies
Share
7 {{ upvoteCount | shortNum }}

Selling by mail order/ direct mail

barriethethinker 3 days ago in Offline Marketing

I am looking to start selling this way .New to this, so any advice would be appreciated. Nothing fancy to start off. An 8 sided A5 catalogue/leaflet. I am looking ... [read more]

3 Replies
Share

Advertise with Us