关键信息 漏洞概述 漏洞名称: WordPress Pet World Theme <= 2.8 is vulnerable to PHP Object Injection 优先级: High priority CVSS评分: 8.8 风险: This vulnerability is highly dangerous and expected to become mass exploited. 影响版本 受影响版本: <= 2.8 修复版本: No official fix available 漏洞类型 类型: PHP Object Injection 描述: This could allow a malicious actor to execute code injection, SQL injection, path traversal, denial of service, and more if a proper POP chain is present. 解决方案 建议: Automatically mitigate vulnerabilities and keep your websites safe. 措施: Patchstack has issued a virtual patch to mitigate this issue by blocking any attacks until an official fix becomes available. 时间线 报告日期: 20 Mar 2025 早期警告发送给Patchstack客户: 21 May 2025 发布日期: 23 May 2025 其他信息 软件: Pet World 类型: Theme 发现者: Tran Nguyen Bao Khanh (VCI - VNPT Cyber Immunity)