Vulnerability Bulletins

PHP Object Injection Vulnerability in TAKETIN To WP Membership


System information

   
Affected software: WordPress

Description

Through the proactive monitoring of changes in WordPress plugins for serious vulnerabilities we do, we recently found a PHP object injection vulnerability in the TAKETIN To WP Membership plugin. In the file /classes/taketin-mp-utils.php the function getMessage() as of version 1.2.7 would unserialize the value of the cookie “taketin_mp_error”, which permitted PHP object

More info:

https://www.pluginvulnerabilities.com/2017/09/22/php-object-injection-vulnerability-in-taketin-to-wp-membership/
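
An added example, not the plugin's code and not taken from the advisory: a cookie-backed message reader in the shape the description gives (a getMessage() that reads the "taketin_mp_error" cookie), with the unsafe unserialize() call beside two safer decodings. The function names, the $cookies parameter and the type/text layout of the message are assumptions.

```php
<?php
// Hypothetical reconstruction for illustration; not the plugin's source.
// Assumed message shape: ['type' => string, 'text' => string].
// In WordPress the raw cookie value would be passed through wp_unslash() first.
const COOKIE_NAME = 'taketin_mp_error'; // cookie name from the bulletin

// Unsafe pattern from the description: the cookie is client-controlled, so
// unserialize() can instantiate any loaded class and run its magic methods.
function getMessageUnsafe(array $cookies)
{
    return isset($cookies[COOKIE_NAME]) ? unserialize($cookies[COOKIE_NAME]) : null;
}

// Stopgap: keep the serialized format but refuse to build objects (PHP >= 7.0).
function getMessageNoObjects(array $cookies): ?array
{
    if (!isset($cookies[COOKIE_NAME]) || !is_string($cookies[COOKIE_NAME])) {
        return null;
    }
    $value = @unserialize($cookies[COOKIE_NAME], ['allowed_classes' => false]);
    return validateMessage($value);
}

// Preferred: a data-only format (JSON) plus strict shape validation.
function getMessageJson(array $cookies): ?array
{
    if (!isset($cookies[COOKIE_NAME]) || !is_string($cookies[COOKIE_NAME])) {
        return null;
    }
    return validateMessage(json_decode($cookies[COOKIE_NAME], true, 4));
}

// Accept only an array holding two strings; anything else is discarded.
function validateMessage($value): ?array
{
    if (!is_array($value) || !isset($value['type'], $value['text'])) {
        return null;
    }
    if (!is_string($value['type']) || !is_string($value['text'])) {
        return null;
    }
    return ['type' => $value['type'], 'text' => $value['text']];
}

// Constructed sample inputs: one well-formed message, one serialized object.
$good = [COOKIE_NAME => json_encode(['type' => 'error', 'text' => 'Login failed'])];
$objectPayload = [COOKIE_NAME => 'O:8:"stdClass":0:{}'];
var_dump(getMessageJson($good), getMessageJson($objectPayload), getMessageNoObjects($objectPayload));
```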

Standard resources

Property Value
CVE

Version history

Version Comments Date
1.0 Advisory issued 2017-09-23
Ministerio de Defensa
CNI
CCN
CCN-CERT