What the vulnerability does
01Description
Shop manager PHP Object Injection in CTX Feed <= 6.6.26 versions.
CVSS base score
CVSS vector
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
What the vulnerability does
Shop manager PHP Object Injection in CTX Feed <= 6.6.26 versions.
Explanation of Vulnerability in Simple Terms
CTX Feed versions up to 6.6.26 contain a deserialization vulnerability that allows high-privileged users to execute arbitrary code on the site. An attacker with administrative access can craft malicious serialized data that, when processed by the plugin, runs their own PHP code. This affects confidentiality, integrity, and availability of the site.
What an attacker can do
Run arbitrary PHP code on the site with full administrative privileges.
Potential impact on your site
A compromised admin account can fully control your site, steal data, modify content, or install backdoors.
Conditions required to exploit
Attacker must have high-level administrative access to the WordPress site.
Key dates
External resources
Related vulnerabilities