Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
PHP Object injection vulnerabilities in the Post Grid plugin before 2.0.73 for WordPress allow remote authenticated attackers to inject arbitrary PHP objects due to insecure unserialization of data supplied in a remotely hosted crafted payload in the source parameter via AJAX. The action must be set to post_grid_import_xml_layouts.
CVSS Information
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
Vulnerability Type
N/A
Vulnerability Title
WordPress 注入漏洞
Vulnerability Description
WordPress是WordPress(Wordpress)基金会的一套使用PHP语言开发的博客平台。该平台支持在PHP和MySQL的服务器上架设个人博客网站。 Post Grid plugin before 2.0.73 for WordPress 存在安全漏洞,该漏洞允许远程身份验证的攻击者可利用该漏洞注入任意PHP对象,这是因为通过AJAX在源参数中提供的远程托管精心制作的有效载荷中的数据不安全的反序列化。该操作必须设置为post grid import xml布局。
CVSS Information
N/A
Vulnerability Type
N/A