2019-05-07

Insecure Deserialization in WordPress plugin virim v0.4
=======================================================
CVE-2019-12240

The title says it all. The plugin in question[1] passes attacker-controllable data to the unserialize() function, resulting in insecure deserialization. No authentication is required. For more about insecure deserialization, check the references below[2].

# Details

graph.php (line numbers as in the plugin's file; the three unserialize() calls read their input straight from the query string):

    13 if($_GET['type']=='over_time') {
       ..
    48 }
    49 else {
    50
    51     $line_values = unserialize($_GET['s_values']);
    52     $t_line_values = unserialize($_GET['t_values']);
    53     $c_line_values = unserialize($_GET['c_values']);
    54 }

# Timeline

2019-05-07 Public disclosure
2019-05-07 CVE-ID requested
2019-05-20 CVE-2019-12240 assigned

# References

1: https://wordpress.org/plugins/virim/
2: https://www.owasp.org/index.php/Top_10-2017_A8-Insecure_Deserialization
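The fix for this class of bug is to stop handing attacker-controlled strings to an unrestricted unserialize(). The following is an added example written for this advisory, not code from the virim plugin; the function names and the query-string handling are hypothetical. It shows the two usual defensive options for chart values like the ones in graph.php: keep PHP's serialized format but forbid object instantiation with allowed_classes => false, or switch to JSON, which carries no class semantics at all. Both paths then validate that the result is a flat list of numbers, which is all a chart needs.

```php
<?php
// Added example (not from the virim plugin): accept chart values from a query
// string without passing attacker-controlled data to an unrestricted unserialize().
// Function and parameter names are hypothetical.

declare(strict_types=1);

// Option 1: keep the serialized format but refuse to instantiate any class.
// With allowed_classes => false (PHP 7.0+), any serialized object is turned into
// __PHP_Incomplete_Class instead of a real object, so no __wakeup()/__destruct()
// of an application or library class runs during deserialization.
function parse_values_restricted(string $raw): array
{
    $data = @unserialize($raw, ['allowed_classes' => false]);
    return validate_numeric_list($data);
}

// Option 2 (preferred for new code): use JSON, which cannot express objects
// of arbitrary classes. Depth 2 permits a flat array and nothing deeper.
function parse_values_json(string $raw): array
{
    $data = json_decode($raw, true, 2);
    return validate_numeric_list($data);
}

// Accept only a list of ints/floats; anything else (false from a malformed
// string, an incomplete-class object, nested arrays) is rejected.
function validate_numeric_list(mixed $data): array
{
    if (!is_array($data)) {
        throw new InvalidArgumentException('expected a list of numbers');
    }
    $out = [];
    foreach ($data as $v) {
        if (!is_int($v) && !is_float($v)) {
            throw new InvalidArgumentException('non-numeric chart value');
        }
        $out[] = $v;
    }
    return $out;
}

// Usage with constructed inputs (the kind of thing graph.php's s_values,
// t_values and c_values parameters would carry).
$legit = serialize([1, 2.5, 3]);
var_dump(parse_values_restricted($legit));   // array(3) of numbers

// A serialized object (constructed, harmless stdClass) is neutralised: it
// arrives as __PHP_Incomplete_Class, fails the numeric check, and is rejected.
$withObject = serialize([new stdClass()]);
try {
    parse_values_restricted($withObject);
} catch (InvalidArgumentException $e) {
    echo "rejected: {$e->getMessage()}\n";
}

// Malformed input: unserialize() returns false, which is not an array.
try {
    parse_values_restricted('not-serialized-data');
} catch (InvalidArgumentException $e) {
    echo "rejected: {$e->getMessage()}\n";
}

var_dump(parse_values_json('[1,2,3]'));      // array(3) of ints
```

When auditing for this pattern, grep for unserialize( calls whose argument traces back to $_GET, $_POST, $_COOKIE or a request body; every such call without a second argument restricting allowed_classes is a finding of the same kind as the one above, and the JSON option is the simpler long-term replacement because it removes the question of gadget classes entirely.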