https://www.pluginvulnerabilities.com/2017/09/22/php-object-injection-vulnerability-in-taketin-to-wp-membership/

Through our proactive monitoring of changes in WordPress plugins for serious vulnerabilities, we recently found a PHP object injection vulnerability in the TAKETIN To WP Membership plugin.

In the file /classes/taketin-mp-utils.php the function getMessage() as of version 1.2.7 would unserialize the value of the cookie “taketin_mp_error”, which permitted PHP object injection:

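The pattern described above, next to two hardened forms, as an added example that is not the plugin's code. Every function and class name is hypothetical, only the cookie name is taken from the post, and the cookie arrays are constructed stand-ins for `$_COOKIE`.

```php
<?php
// Added example. All function and class names are hypothetical; only the
// cookie name "taketin_mp_error" comes from the post above.

// Constructed stand-in for any class the application has loaded. PHP calls
// __wakeup() automatically whenever unserialize() rebuilds an instance.
class DemoLoadedClass {
    public static $wakeups = 0;
    public $note = '';
    public function __wakeup() { self::$wakeups++; }
}

// Pattern the post describes: the cookie goes straight into unserialize(),
// so the visitor chooses which loaded class gets instantiated.
function get_message_unsafe(array $cookies) {
    return isset($cookies['taketin_mp_error'])
        ? unserialize($cookies['taketin_mp_error']) : null;
}

// Stopgap (PHP 7.0+): keep the format but refuse to instantiate any class.
function get_message_no_classes(array $cookies) {
    return isset($cookies['taketin_mp_error'])
        ? unserialize($cookies['taketin_mp_error'], ['allowed_classes' => false])
        : null;
}

// Preferred: store the messages as JSON, which can only decode to scalars
// and arrays, then keep string entries only.
function get_message_json(array $cookies) {
    if (!isset($cookies['taketin_mp_error'])) {
        return [];
    }
    $decoded = json_decode($cookies['taketin_mp_error'], true);
    return is_array($decoded) ? array_values(array_filter($decoded, 'is_string')) : [];
}

// Constructed inputs standing in for $_COOKIE.
$object_cookie = ['taketin_mp_error' => serialize(new DemoLoadedClass())];
$json_cookie   = ['taketin_mp_error' => json_encode(['Invalid login.'])];

get_message_unsafe($object_cookie);
var_dump(DemoLoadedClass::$wakeups);   // counts __wakeup() calls made on cookie data

$before = DemoLoadedClass::$wakeups;
$result = get_message_no_classes($object_cookie);
var_dump(get_class($result), DemoLoadedClass::$wakeups === $before);

var_dump(get_message_json($object_cookie), get_message_json($json_cookie));
```

With `allowed_classes` set to `false` the parser still processes untrusted serialized data, so switching the cookie to JSON is the more robust change.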
