PHP Object Injection Vulnerability in WordPress: an Analysis

Author: Tom Van Goethem

With approximately 19% of the web running on WordPress, it comes as no surprise that the security of this content management system has an enormous impact on a large number of users. Despite being open source, and reviewed by security researchers, WordPress is—just as any other software—prone to errors and vulnerabilities.
In this talk, the author will discuss how the unexpected behavior of MySQL led to the discovery of a PHP Object Injection vulnerability in the WordPress core. The author will also demonstrate how this vulnerability can be exploited in order to run arbitrary code on WordPress installations that enable a popular plugin.

  • Language: Russian

Tom Van Goethem is a PhD student at KU Leuven (Belgium).
