ThreatPress

WordPress Vulnerabilities Database

WordPress SecureMoz Security Audit Plugin <= 1.0.5 - PHP Object Injection

Product
SecureMoz Security Audit
Description
The tweet_info function in class/__functions.php does not use HTTPS when downloading serialized data. An attacker who can modify the client-server data stream can therefore execute arbitrary PHP code.
Solution
Update the plugin.
Classification
Type: Session Hijacking
References
CVE Mitre
CVE
Name: CVE-2015-6828
Versions
Affected In: <= 1.0.5
Fixed In: 1.0.6
Disclosure date
2015-09-06