PHP Object Injection vulnerability in Splashing Images plugin (wp-splashing-images) before 2.1.1 for WordPress

PHP Object Injection vulnerability in Splashing Images plugin (wp-splashing-images) before 2.1.1 for WordPress

CVE-2018-6195 · HIGH Severity

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

admin/partials/wp-splashing-admin-main.php in the Splashing Images plugin (wp-splashing-images) before 2.1.1 for WordPress allows authenticated (administrator, editor, or author) remote attackers to conduct PHP Object Injection attacks via crafted serialized data in the 'session' HTTP GET parameter to wp-admin/upload.php.

Learn more about our Wordpress Pen Testing.