关键信息 漏洞概述 漏洞名称: WordPress Course Builder Theme < 3.6.6 is vulnerable to PHP Object Injection 优先级: High priority 风险: This vulnerability is highly dangerous and expected to become mass exploited. 影响版本 易受攻击的版本: < 3.6.6 修复版本: 3.6.6 漏洞类型 PHP Object Injection - Allows a malicious actor to execute code injection, SQL injection, path traversal, denial of service, and more if a proper POP chain is present. 解决方案 1. 自动缓解漏洞: - Patchstack has issued a virtual patch to mitigate this issue by blocking any attacks until you have updated to a fixed version. 2. 更新到版本 3.6.6 或更高: - Update to version 3.6.6 or later to remove the vulnerability. 时间线 报告日期: 10 May 2023 发布日期: 29 May 2023 其他细节 软件: Course Builder 类型: Theme 易受攻击的版本: < 3.6.6 修复版本: 3.6.6