Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
The tweet_info function in class/__functions.php in the SecureMoz Security Audit plugin 1.0.5 and earlier for WordPress does not use an HTTPS session for downloading serialized data, which allows man-in-the-middle attackers to conduct PHP object injection attacks and execute arbitrary PHP code by modifying the client-server data stream. NOTE: some of these details are obtained from third party information.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
WordPress SecureMoz Security Audit插件输入验证漏洞
Vulnerability Description
WordPress是WordPress软件基金会的一套使用PHP语言开发的博客平台,该平台支持在PHP和MySQL的服务器上架设个人博客网站。SecureMoz Security Audit是其中的一个安全审核(提供了超过27种方式来保护WordPress网站)插件。 WordPress SecureMoz Security Audit插件1.0.5及之前版本的class/__functions.php脚本中的‘tweet_info’函数存在安全漏洞,该漏洞源于程序没有使用HTTPS会话下载序列化数据。攻
CVSS Information
N/A
Vulnerability Type
N/A