WordPress Kapee theme < 1.7.0 - PHP Object Injection vulnerability

Vulnerability

The Kapee WordPress theme versions prior to 1.7.0 are vulnerable to unauthenticated PHP Object Injection. An attacker can inject arbitrary serialized PHP objects via a crafted request without requiring authentication. This vulnerability exists in the theme's handling of user-supplied input that is unserialized without proper sanitization. [1]

Exploitation

An unauthenticated attacker can exploit this vulnerability by sending a specially crafted HTTP request containing a malicious serialized PHP object. No authentication or user interaction is required. The attack can be performed remotely over the network. If a suitable POP (Property Oriented Programming) chain exists in the WordPress environment, the attacker can trigger arbitrary code execution. [1]

Impact

Successful exploitation can lead to arbitrary code execution, SQL injection, path traversal, denial of service, and other severe consequences depending on available POP chains. The vulnerability is considered highly dangerous and is expected to be used in mass-exploit campaigns targeting thousands of websites. [1]

Mitigation

The vulnerability is fixed in version 1.7.0 of the Kapee theme. Users should update to version 1.7.0 or later immediately. If unable to update, Patchstack provides a mitigation rule to block attacks until the update is applied. [1]