The PGS Core plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 5.8.0 via deserialization of untrusted input in the 'import_header' function. This makes it possible for unauthenticated attackers to inject a PHP Object. No known POP chain is present in the vulnerable software. If a POP chain is present via an additional plugin or theme installed on the target system, it could allow the attacker to delete arbitrary files, retrieve sensitive data, or execute code.
#GADGET

PCWorld helps you navigate the PC ecosystem to find the products you want and the advice you need to get the job done.

Hacking Tools & Media

PC Magazine UK is your complete guide to computers, phones, tablets, peripherals and more. We test and review the latest gadgets, products and services, report technology news and trends, and provide shopping advice and price comparisons.

A portable multi-tool for pentesters and geeks in a toy-like body. It loves hacking digital stuff, such as radio protocols, access control systems, hardware, and more. It's fully open-source and customizable, so you can extend it in whatever way you like.