The plugin gravitate-qa-tracker insecurely trusts serialized data submitted over HTTP requests. This opens up the site to a PHP object injection vulnerability potential exploit vector.
Attack is exploitable over HTTP requests to sites with the gravitate-qa-tracker Plugin. The original researcher notified WordPress Plugins team.
CPE | Name | Operator | Version |
---|---|---|---|
gravitate-qa-tracker | eq | * |