CNNVD-202510-2539 Information
CNNVD ID
CNNVD-202510-2539
Related CVE
- CNNVD Published: 2025-10-18
Description (Chinese)
WordPress等都是(WordPress)基金会的产品。WordPress是一套使用PHP语言开发的博客平台。PHP等都是(PHP)的产品。PHP是一种在服务器端执行的脚本语言。WebSockets ws等都是(WebSockets)开源的产品。ws是一个 Node.js WebSocket 库。 WordPress plugin RegistrationMagic 3.7.9.3之前版本存在代码问题漏洞,该漏洞源于is_expired_by_date函数对不可信输入进行反序列化,可能导致PHP对象注入攻击。
Description (English)
WordPress and others are products of the WordPress Foundation. WordPress is a blog platform developed in the PHP language. PHPs are all (PHPs) products. PHP is a script language executed at the server end. WebSockets ws are all open-source products. Ws is a Node.js WebSocket library. The prior version of WordPress Plugin Regulation Magic 3.7.9.3 had a code problem loophole, which stemmed from the inverse sequence of untrustworthy inputs by the Is expired by date function, which could lead to an injection attack on PHP objects.
Hazard Level
Low
Vulnerability Type
代码问题
Affected Vendor
WordPress
Published
2025-10-18
Last Modified
2026-02-24
References
https://plugins.trac.wordpress.org/changeset/1733274/custom-registration-form-builder-with-submission-manager https://www.wordfence.com/blog/2017/10/3-zero-day-plugin-vulnerabilities-exploited-wild/ https://www.wordfence.com/threat-intel/vulnerabilities/id/c2b79193-f8fc-4ea2-8973-fe292cfb926b?source=cve https://access.redhat.com/security/cve/cve-2017-20208
Patch
https://wordpress.org/plugins/custom-registration-form-builder-with-submission-manager/
Share on: