Back to search
CVE-2015-6828
Published: Sep 16, 2015
Modified: Aug 6, 2024
PUBLISHED
Description
The tweet_info function in class/__functions.php in the SecureMoz Security Audit plugin 1.0.5 and earlier for WordPress does not use an HTTPS session for downloading serialized data, which allows man-in-the-middle attackers to conduct PHP object injection attacks and execute arbitrary PHP code by modifying the client-server data stream. NOTE: some of these details are obtained from third party information.
| Vendor | Product | Versions |
|---|---|---|
n/a | n/a | affected n/a |
References
[oss-security] 20150906 Re: Some Wordpress Plugin Stuff (some, wordpress, stuff)
mailing-list
x_refsource_MLIST
[oss-security] 20150905 Some Wordpress Plugin Stuff
mailing-list
x_refsource_MLIST
https://wpvulndb.com/vulnerabilities/8179
x_refsource_MISC
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now