WordPress PHP Object Injection

By Febna V M
Published on 29 Jun 2018

PHP Object Injection is an application-level vulnerability. It allows an attacker to perform attacks such as code injection, SQL injection, path traversal and application denial of service. Many plugins in the WordPress library are vulnerable and allow an attacker to attack the application remotely. These plugins can be exploited because the application fails to sanitise user-supplied input before passing it to the PHP unserialize() function. Attackers can exploit this issue to execute malicious PHP code on the web server.
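
The pattern described above, as an added example (not code from this article or from any real plugin): a hypothetical plugin that unserializes a cookie value, next to two safer ways of reading the same data. The class `TempFile`, the function names, the demo key and the sample cookie value are assumptions constructed for illustration.

```php
<?php
// Constructed stand-in for any class the application has loaded whose magic
// methods act on properties (hypothetical, for illustration only).
class TempFile {
    public $path = '';
    public function __destruct() {
        echo "[destructor ran for {$this->path}]\n";
    }
}

// VULNERABLE: client-controlled bytes go straight into unserialize(), so the
// sender decides which class is instantiated and what its properties contain.
function load_prefs_vulnerable(string $cookie) {
    return unserialize(base64_decode($cookie));
}

// HARDENED: JSON carries data only (no objects), and an HMAC over the payload
// rejects any value the server did not issue itself.
function issue_prefs(array $prefs, string $key): string {
    $json = json_encode($prefs);
    return base64_encode($json) . '.' . hash_hmac('sha256', $json, $key);
}

function load_prefs_hardened(string $cookie, string $key): ?array {
    $parts = explode('.', $cookie, 2);
    if (count($parts) !== 2) { return null; }
    $json = base64_decode($parts[0], true);
    if ($json === false) { return null; }
    if (!hash_equals(hash_hmac('sha256', $json, $key), $parts[1])) { return null; }
    $data = json_decode($json, true);
    return is_array($data) ? $data : null;
}

// Where legacy serialized data must still be read, forbid object creation:
// objects come back as __PHP_Incomplete_Class and no magic methods run.
function load_prefs_legacy(string $cookie) {
    return unserialize(base64_decode($cookie), ['allowed_classes' => false]);
}

// Constructed demo input: a cookie value naming the TempFile class.
$key = 'constructed-demo-key';
$crafted = base64_encode('O:8:"TempFile":1:{s:4:"path";s:8:"demo.tmp";}');

var_dump(load_prefs_vulnerable($crafted) instanceof TempFile);
var_dump(load_prefs_legacy($crafted) instanceof TempFile);
var_dump(load_prefs_hardened($crafted, $key));
var_dump(load_prefs_hardened(issue_prefs(['theme' => 'dark'], $key), $key));
```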

Impact

The impact of this vulnerability includes:

  • Code injection
  • SQL injection
  • Path traversal
  • Denial of service

Mitigation / Precaution


Written by
Febna V M
Cyber Security Engineer