Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
wpexploitDo Xuan TrungWPEX-ID:421194E1-6C3F-4972-8F3C-DE1B9D2BCB13
HistorySep 19, 2023 - 12:00 a.m.

Weaver Xtreme Theme Support < 6.3.1 - Admin+ PHP Object Injection

2023-09-1900:00:00
Do Xuan Trung
31
weaver xtreme theme
version 6.3.1
admin+
php object injection
gadget chain
deserialization
security exploit

0.001 Low

EPSS

Percentile

19.4%

JSON

Description The plugin unserialises the content of an imported file, which could lead to PHP object injections issues when a high privilege user import a malicious file and a suitable gadget chain is present on the blog.

To simulate a gadget chain, put the following code in a plugin:

class Test {
  public function __wakeup() : void {
    die("Arbitrary deserialization");
  }
}

Create a file named "poc.txt" with the following content: O:4:"Test":0:{};

Upload the file via the "Choose File" feature in Weaver Xtreme Theme Support > Filters

Then choose Restore Filter Options.

The view the response of the request made, which will have the "Arbitrary deserialization" message.

Related

cve 1
cvelist 1
nvd 1
prion 1
wpvulndb 1
wordfence 1
cve
cve
CVE-2023-4971
2023-10-16 20:15:17
cvelist
cvelist
CVE-2023-4971 Weaver Xtreme Theme Support < 6.3.1 - Admin+ PHP Object Injection
2023-10-16 19:38:52
nvd
nvd
CVE-2023-4971
2023-10-16 20:15:17
prion
prion
Design/Logic Flaw
2023-10-16 20:15:00
wpvulndb
wpvulndb
Weaver Xtreme Theme Support < 6.3.1 - Admin+ PHP Object Injection
2023-09-19 00:00:00
wordfence
wordfence
Wordfence Intelligence Weekly WordPress Vulnerability Report (September 18, 2023 to September 24, 2023)
2023-09-28 13:18:16

0.001 Low

EPSS

Percentile

19.4%

JSON
Related for WPEX-ID:421194E1-6C3F-4972-8F3C-DE1B9D2BCB13
cve1cvelist1nvd1prion1wpvulndb1wordfence1