CVE-2021-24857

The ToTop Link WordPress plugin through 1.7.1 passes base64 encoded user input to the unserialize() PHP function, which could lead to PHP Object injection if a plugin installed on the blog has a suitable gadget chain.
References
Configurations

Configuration 1 (hide)

cpe:2.3:a:nocean:totop_link:*:*:*:*:*:wordpress:*:*

History

No history.

Information

Published : 2021-12-13 11:15

Updated : 2021-12-16 19:39


NVD link : CVE-2021-24857

Mitre link : CVE-2021-24857

CVE.ORG link : CVE-2021-24857


JSON object : View

Products Affected

nocean

  • totop_link
CWE
CWE-502

Deserialization of Untrusted Data