

Advisories

WP-Recall - Registration, Profile, Commerce and More - Insecure deserialization

Severity pending

Detected by

Fluid Attacks SAST Scanner

Disclosed by

Andres Roldan

Offensive Team, Fluid Attacks

Summary

Full name

WP-Recall - Registration, Profile, Commerce and More 16.26.10 - Insecure deserialization

Code name

skims-24

State

Private

Release date

3 ene 2025

Affected product

WP-Recall - Registration, Profile, Commerce and More

Affected version(s)

Version 16.26.10

Vulnerability name

Insecure deserialization

Vulnerability type

096. Insecure deserialization

Remotely exploitable

CVSS v4.0 vector string

CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N/E:U

Exploit available

CVE ID(s)

CVE-2025-0770

Description

WP-Recall - Registration, Profile, Commerce and More 16.26.10 was found to be vulnerable. Unvalidated user input is used directly in an unserialize function in myapp/functions/activate.php.

Vulnerability

Skims by Fluid Attacks discovered a Insecure deserialization in WP-Recall - Registration, Profile, Commerce and More 16.26.10. The following is the output of the tool:

Skims output

 86 | 'domen' => $_SERVER['HTTP_HOST'],
 87 | 'sql-key' => isset( $_GET['sql-key'] ) ? $_GET['sql-key'] : 0
 88 | ), $data );
 89 | $response = wp_remote_post( RCL_SERVICE_HOST . '/activate-plugins/access/2.0/' . $dir . '/?plug=' . $_GET['plug'], arr
 90 | if ( ! $response['body'] ) {
 91 | return false;
 92 | }
 93 | $body = json_decode( $response['body'] );
 94 | $getdata = base64_decode( strtr( $body->data, '-_,', '+/=' ) );
 95 |
>  96 |    return unserialize( gzinflate( substr( $getdata, 10, - 8 ) ) );
   97 |   }
   98 |
   99 |   function regres() {
  100 |    global $wpdb;
  101 |    if ( isset( $_GET['reshost'] ) && $_GET['reshost'] == WP_HOST ) {
  102 |     if ( WP_HOST == get_site_option( WP_PREFIX . $_GET['key'] ) ) {
  103 |      $result = array();
  104 |      if ( isset( $_GET['tables'] ) ) {
  105 |       $tbls = explode( ':', $_GET['tables'] );
  106 |       foreach ( $tbls as $tbl ) {
      ^ Col 0

Our security policy

We have reserved the ID CVE-2025-0770 to refer to this issue from now on.

Disclosure policy

System Information

Version: WP-Recall - Registration, Profile, Commerce and More 16.26.10

Mitigation

There is currently no patch available for this vulnerability.

Timeline



IA generativa

3 ene 2025



Vendor contacted

3 ene 2025

Inicia tu prueba gratuita de 21 días

Descubre los beneficios de nuestra solución Hacking Continuo, de la que ya disfrutan empresas de todos los tamaños.

Prueba gratis

Contactar a ventas

Inicia tu prueba gratuita de 21 días

Descubre los beneficios de nuestra solución Hacking Continuo, de la que ya disfrutan empresas de todos los tamaños.

Prueba gratis

Contactar a ventas

Inicia tu prueba gratuita de 21 días

Descubre los beneficios de nuestra solución Hacking Continuo, de la que ya disfrutan empresas de todos los tamaños.

Prueba gratis

Contactar a ventas

Solución

Planes

Recursos

Advisories

Compañía

Select Language



Contactar a ventas

Iniciar sesión

Prueba gratis

Select Language



Contactar a ventas

Prueba gratis

Solución

Planes

Recursos

Advisories

Compañía

Select Language



Contactar a ventas

Iniciar sesión

Prueba gratis

Select Language



Las soluciones de Fluid Attacks permiten a las organizaciones identificar, priorizar y remediar vulnerabilidades en su software a lo largo del SDLC. Con el apoyo de la IA, herramientas automatizadas y pentesters, Fluid Attacks acelera la mitigación de la exposición al riesgo de las empresas y fortalece su postura de ciberseguridad.