What the vulnerability does
Description
Deserialization of Untrusted Data vulnerability in Florent Maillefaud WP Maintenance wp-maintenance allows Object Injection. This issue affects WP Maintenance: from n/a through <= 6.1.9.7.
CVSS base score
CVSS vector
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Explanation of Vulnerability in Simple Terms
WP Maintenance versions 6.1.9.7 and earlier contain a deserialization vulnerability that allows high-privileged users to execute arbitrary code on the site. An attacker with administrator or equivalent access can craft malicious serialized data to trigger unintended PHP execution. This affects the plugin's core functionality and requires administrative credentials to exploit.
What an attacker can do
Run arbitrary PHP code on the site with full site privileges.
Potential impact on your site
A compromised admin account can fully compromise the site, including data theft, malware injection, and site takeover.
Conditions required to exploit
Attacker must have high-level site access (administrator role or equivalent).