Description

WordPress Plugin Post Form-Registration Form-Profile Form for User Profiles and Content Forms for User Submissions is prone to a deserialization vulnerability. Attackers can possibly exploit this issue to call files using a PHAR wrapper that will deserialize and call arbitrary PHP Objects that can be used to perform a variety of malicious actions, granted a POP chain is also present. WordPress Plugin Post Form-Registration Form-Profile Form for User Profiles and Content Forms for User Submissions version 2.7.7 is vulnerable; prior versions may also be affected.

Remediation

Update to plugin version 2.7.8 or latest

References

Related Vulnerabilities