Multiple Wordpress Plugins PHP Object Injection Vulnerability

Multiple Wordpress Plugins are prone to a PHP object injection vulnerability because it fails to sufficiently sanitize user-supplied input.

Attackers can exploit this issue to inject arbitrary object in to the application to delete files, view files and execute local script code and to access or modify data, or exploit latent vulnerabilities in the underlying database execute arbitrary PHP code through specially crafted serialized objects.

The following plugins are affected:

Appointments Plugin versions prior to 2.2.2
Flickr Gallery Plugin versions prior to 1.5.3
RegistrationMagic-Custom Registration Forms Plugin versions prior to 3.7.9.3


 

Privacy Statement
Copyright 2010, SecurityFocus