关键信息 漏洞概述 漏洞名称: WordPress Exertio Theme <= 1.3.2 is vulnerable to PHP Object Injection 优先级: High priority 受影响版本: <= 1.3.2 修复版本: 1.3.3 风险 类型: PHP Object Injection 描述: This vulnerability is highly dangerous and expected to become mass exploited. It could allow a malicious actor to execute code injection, SQL injection, path traversal, denial of service, and more if a proper POP chain is in products. 解决方案 1. 自动缓解漏洞: Patchstack has issued a virtual patch to mitigate this issue by blocking any attacks until you have updated to a fixed version. 2. 更新版本: Update to version 1.3.3 or later to remove the vulnerability. 时间线 报告日期: 29 Jun 2023 早期警告发送给Patchstack客户: 31 Jul 2023 发布日期: 02 Aug 2023 细节 软件: Exertio 类型: Theme 易受攻击的版本: <= 1.3.2 修复版本: 1.3.3