What the vulnerability does
Description
Deserialization of Untrusted Data vulnerability in Melapress MelaPress Login Security melapress-login-security allows Object Injection. This issue affects MelaPress Login Security: from n/a through <= 2.1.0.
CVSS base score
CVSS vector
CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H
Explanation of Vulnerability in Simple Terms
MelaPress Login Security versions up to 2.1.0 contain a deserialization vulnerability that allows highly privileged attackers to execute arbitrary code on the site. Exploitation requires administrator access and has high attack complexity, but a successful attack grants full control over site data and functionality. Site owners should update immediately to a version newer than 2.1.0.
What an attacker can do
Run arbitrary code on the site with full access to data and functionality.
Potential impact on your site
An admin account compromise could lead to complete site takeover and data theft.
Conditions required to exploit
Attacker must have administrator-level access to the WordPress site.
Key dates
External resources