WordPress Nifty theme <= 1.4.1 - PHP Object Injection vulnerability

Vulnerability

The Nifty WordPress theme versions up to and including 1.4.1 are vulnerable to unauthenticated PHP Object Injection. The vulnerability occurs in code that unserializes user-supplied input without proper sanitization, allowing an attacker to inject arbitrary PHP objects. No authentication is required to reach the vulnerable code path. [1]

Exploitation

An unauthenticated attacker can exploit this vulnerability by sending a specially crafted HTTP request containing a malicious serialized PHP object to the vulnerable theme. The attack does not require any user interaction or special network position, making it remotely exploitable. This vulnerability is expected to be used in mass-exploit campaigns targeting thousands of websites. [1]

Impact

Successful exploitation can lead to arbitrary code execution, SQL injection, path traversal, or denial of service, depending on the availability of a suitable POP chain. The CVSS score is 9.8 (Critical), indicating severe impact on confidentiality, integrity, and availability. [1]

Mitigation

Update to version 1.4.2 or later, which contains the fix. If immediate update is not possible, apply a virtual patch or use a web application firewall to block malicious payloads. Patchstack has issued a mitigation rule to protect against attacks until the update is applied. [1]