Description
WordPress Plugin Post Form-Registration Form-Profile Form for User Profiles and Content Forms for User Submissions is prone to a deserialization vulnerability. Attackers can possibly exploit this issue to call files using a PHAR wrapper that will deserialize and call arbitrary PHP Objects that can be used to perform a variety of malicious actions, granted a POP chain is also present. WordPress Plugin Post Form-Registration Form-Profile Form for User Profiles and Content Forms for User Submissions version 2.7.7 is vulnerable; prior versions may also be affected.
Remediation
Update to plugin version 2.7.8 or latest
References
https://www.tenable.com/security/research/tra-2023-7
https://plugins.svn.wordpress.org/buddyforms/trunk/readme.txt
Related Vulnerabilities
MySQL CVE-2013-2391 Vulnerability (CVE-2013-2391)
WordPress Plugin WP PHP widget Information Disclosure (1.0.2)
Joomla! Core 3.x.x Security Bypass (3.0.0 - 3.9.15)
WordPress Plugin Product Addons & Fields for WooCommerce Cross-Site Scripting (32.0.6)
WordPress 3.9.x Denial of Service Vulnerability (3.9 - 3.9.23)