WordPress Valiance theme <= 1.2 - PHP Object Injection vulnerability

Vulnerability

The Valiance WordPress theme versions up to and including 1.2 are vulnerable to unauthenticated PHP Object Injection. The vulnerability exists in the theme's handling of user-supplied input that is passed to unserialize() without proper sanitization. An attacker can inject arbitrary PHP objects by sending a crafted serialized payload. No authentication is required to trigger the vulnerability. Affected versions: Valiance <= 1.2. [1]

Exploitation

An unauthenticated attacker can exploit this vulnerability by sending a specially crafted HTTP request containing a malicious serialized PHP object to the vulnerable endpoint. The attacker does not need any prior access or user interaction. The exploitation is straightforward and can be automated, making it suitable for mass-exploit campaigns. [1]

Impact

Successful exploitation allows an attacker to execute arbitrary PHP code if a suitable POP (Property Oriented Programming) chain is present in the WordPress environment. This can lead to complete site compromise, including code execution, SQL injection, path traversal, denial of service, and other malicious actions. The impact is severe as the attacker gains full control over the affected WordPress site. [1]

Mitigation

The vulnerability is fixed in version 1.3 of the Valiance theme. Users are strongly advised to update to version 1.3 or later immediately. If updating is not possible, a mitigation rule is available from Patchstack to block attacks until the update is applied. The vulnerability is expected to be actively exploited, so prompt action is critical. [1]