CVE-2023-34027 – This CVE describes a PHP object injection vulne... (How to Fix)

Q: What is the severity of CVE-2023-34027?

CVE-2023-34027 has a CVSS score of 8.3 (HIGH). This CVE describes a PHP object injection vulnerability in the WordPress Recently Viewed Products plugin. Attackers can exploit deserialization of untrusted data to execute arbitrary code on affected WordPress sites. All WordPress installations using this plugin version 1.0.0 or earlier are vulnerable.

📋 TL;DR

This CVE describes a PHP object injection vulnerability in the WordPress Recently Viewed Products plugin. Attackers can exploit deserialization of untrusted data to execute arbitrary code on affected WordPress sites. All WordPress installations using this plugin version 1.0.0 or earlier are vulnerable.

💻 Affected Systems

Products:

WordPress Recently Viewed Products plugin

Versions: n/a through 1.0.0

Operating Systems: All operating systems running WordPress

Default Config Vulnerable: ⚠️ Yes

Notes: All WordPress installations with this plugin enabled are vulnerable regardless of configuration.

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴

Worst Case

Remote code execution leading to complete site compromise, data theft, malware installation, and server takeover.

🟠

Likely Case

Arbitrary code execution allowing attackers to deface websites, steal sensitive data, or install backdoors.

🟢

If Mitigated

Limited impact if proper input validation and output encoding are implemented elsewhere in the application stack.

🌐 Internet-Facing: HIGH - WordPress sites are typically internet-facing and this vulnerability can be exploited remotely.

🏢 Internal Only: MEDIUM - Internal WordPress sites could still be exploited by authenticated users or through other attack vectors.

🎯 Exploit Status

Public PoC: ⚠️ Yes

Weaponized: LIKELY

Unauthenticated Exploit: ⚠️ Yes

Complexity: LOW

Exploitation details are publicly available and the vulnerability is relatively easy to exploit.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 1.0.1 or later

Vendor Advisory: https://patchstack.com/database/vulnerability/recently-viewed-products/wordpress-recently-viewed-products-plugin-1-0-0-php-object-injection-vulnerability

Restart Required: No

Instructions:

1. Log into WordPress admin panel. 2. Navigate to Plugins → Installed Plugins. 3. Find 'Recently Viewed Products' plugin. 4. Click 'Update Now' if update is available. 5. If no update is available, deactivate and delete the plugin immediately.

🔧 Temporary Workarounds

Disable the plugin

all

Deactivate the Recently Viewed Products plugin to remove the vulnerability.

wp plugin deactivate recently-viewed-products

Remove the plugin

all

Completely remove the plugin files from the WordPress installation.

wp plugin delete recently-viewed-products

🧯 If You Can't Patch

Deactivate and remove the Recently Viewed Products plugin immediately
Implement web application firewall rules to block deserialization attempts

🔍 How to Verify

Check if Vulnerable:

Check WordPress admin panel → Plugins → Installed Plugins for 'Recently Viewed Products' version 1.0.0 or earlier.

Check Version:

wp plugin get recently-viewed-products --field=version

Verify Fix Applied:

Verify plugin version is 1.0.1 or later, or confirm plugin is not installed/active.

📡 Detection & Monitoring

Log Indicators:

Unusual POST requests to WordPress endpoints
PHP deserialization errors in logs
Unexpected file creation/modification

Network Indicators:

HTTP requests containing serialized PHP objects
Unusual traffic to wp-content/plugins/recently-viewed-products/

SIEM Query:

source="wordpress.log" AND ("recently-viewed-products" OR "unserialize" OR "php_object_injection")

📊 Metadata

CVE ID: CVE-2023-34027

CVSS v3 Score: 8.3 (HIGH)

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L

CWE: CWE-502

Published: December 19, 2023

Last Updated: November 21, 2024

🔗 References

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2023-34027, you might also want to check these: