Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Facebook for WordPress < 3.0.0 - PHP Object Injection with POP Chain
Vulnerability Description
The run_action function of the Facebook for WordPress plugin before 3.0.0 deserializes user supplied data making it possible for PHP objects to be supplied creating an Object Injection vulnerability. There was also a useable magic method in the plugin that could be used to achieve remote code execution.
CVSS Information
N/A
Vulnerability Type
可信数据的反序列化
Vulnerability Title
WordPress 插件 代码问题漏洞
Vulnerability Description
WordPress 插件是WordPress开源的一个应用插件。 WordPress 插件 Facebook for WordPress插件 3.0.0版本之前存在安全漏洞,该漏洞源于插件的run_action函数反序列化用户提供的数据,从而有可能提供PHP对象,从而创建对象注入漏洞。
CVSS Information
N/A
Vulnerability Type
N/A