← back
CVE-2023-26326

CVE-2023-26326

EPSS 3.8%
The BuddyForms WordPress plugin, in versions prior to 2.7.8, was affected by an unauthenticated insecure deserialization issue. An unauthenticated attacker could leverage this issue to call files using a PHAR wrapper that will deserialize the data and call arbitrary PHP Objects that can be used to perform a variety of malicious actions granted a POP chain is also present.
Affected products
n/a · BuddyForms WordPress Plugin

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
https://www.tenable.com/security/research/tra-2023-7