Description

In WordPress before 4.9.9 and 5.x before 5.0.1, contributors could conduct PHP object injection attacks via crafted metadata in a wp.getMediaItem XMLRPC call. This is caused by mishandling of serialized data at phar:// URLs in the wp_get_attachment_thumb_file function in wp-includes/post.php.

Remediation

References

CVE-2018-20148

Related Vulnerabilities

Moodle Permissions, Privileges, and Access Controls Vulnerability (CVE-2015-2272)

Oracle JRE CVE-2014-2398 Vulnerability (CVE-2014-2398)

WordPress Plugin Spam protection, AntiSpam, FireWall by CleanTalk Cross-Site Scripting (5.154)

Rukovoditel Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2020-13589)

WordPress Plugin BuddyPress Activity Plus Multiple Vulnerabilities (1.6.1)

Severity

Critical

Classification

CVE-2018-20148 CWE-502 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Tags

Missing Update Known Vulnerabilities