PHP Object Injection Vulnerability in TAKETIN To WP Membership
|
System information
|
|
|
Affected software |
Wordpress |
Description
|
https://www.pluginvulnerabilities.com/2017/09/22/php-object-injection-vulnerability-in-taketin-to-wp-membership/Through the proactive monitoring of changes in WordPress plugins for serious vulnerabilities we do, we recently found a PHP object injection vulnerability in the TAKETIN To WP Membership plugin. In the file /classes/taketin-mp-utils.php the function getMessage() as of version 1.2.7 would unserialize the value of the cookie “taketin_mp_error”, which permitted PHP object
More info:
https://www.pluginvulnerabilities.com/2017/09/22/php-object-injection-vulnerability-in-taketin-to-wp-membership/ |
Standar resources
|
Property |
Value |
CVE |
|