CVSS3
Attack Vector: NETWORK
Attack Complexity: HIGH
Privileges Required: LOW
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: HIGH
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
AI Score
Confidence: Low
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
The Hubbub Lite – Fast, Reliable Social Sharing Buttons plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.33.1 through deserialization of untrusted input by the ‘dpsp_maybe_unserialize’ function. This makes it possible for authenticated attackers, with contributor access and above, to inject a PHP Object. No POP chain is present in the vulnerable plugin. If a POP chain is present via an additional plugin or theme installed on the target system, it could allow the attacker to delete arbitrary files, retrieve sensitive data, or execute code.
[
  {
    "cpes": [
      "cpe:2.3:a:morehubbub:hubbub_lite:*:*:*:*:*:wordpress:*:*"
    ],
    "vendor": "morehubbub",
    "product": "hubbub_lite",
    "versions": [
      {
        "status": "affected",
        "version": "0",
        "versionType": "semver",
        "lessThanOrEqual": "1.33.1"
      }
    ],
    "defaultStatus": "unknown"
  },
  {
    "cpes": [
      "cpe:2.3:a:nerdpress:hubbub_lites:*:*:*:*:*:*:*:*"
    ],
    "vendor": "nerdpress",
    "product": "hubbub_lites",
    "versions": [
      {
        "status": "affected",
        "version": "0",
        "versionType": "semver",
        "lessThanOrEqual": "1.33.1"
      }
    ],
    "defaultStatus": "unknown"
  }
]
plugins.trac.wordpress.org/browser/social-pug/trunk/inc/functions-post.php#L194
plugins.trac.wordpress.org/browser/social-pug/trunk/inc/functions.php#L556
plugins.trac.wordpress.org/changeset?old_path=/social-pug/tags/1.33.1&old=3060042&new_path=/social-pug/tags/1.33.2&new=3060042&sfp_email=&sfph_mail=
www.wordfence.com/threat-intel/vulnerabilities/id/d3999c59-57a9-410c-a550-7d198bdb25ea?source=cve