Description
WordPress Plugin Post Form-Registration Form-Profile Form for User Profiles and Content Forms for User Submissions is prone to a deserialization vulnerability. Attackers can possibly exploit this issue to call files using a PHAR wrapper that will deserialize and call arbitrary PHP Objects that can be used to perform a variety of malicious actions, granted a POP chain is also present. WordPress Plugin Post Form-Registration Form-Profile Form for User Profiles and Content Forms for User Submissions version 2.7.7 is vulnerable; prior versions may also be affected.
Remediation
Update to plugin version 2.7.8 or latest
References
https://www.tenable.com/security/research/tra-2023-7
https://plugins.svn.wordpress.org/buddyforms/trunk/readme.txt
Related Vulnerabilities
Joomla! Core 3.9.x Cross-Site Request Forgery (3.9.0 - 3.9.19)
WordPress Plugin BP GTM System Cross-Site Scripting (1.9.5)
WordPress Plugin All-In-One Security (AIOS)-Security and Firewall Multiple Vulnerabilities (4.1.2)
PHP Improper Input Validation Vulnerability (CVE-2009-3291)
WordPress Plugin Bootstrap Categories Gallery Cross-Site Scripting (1.0.1)