What is a PHP object injection vulnerability in the context of WordPress, and how does it apply to `unserialize()`?

WordPress Expert Hard

Key points

  • Attackers craft serialized strings to instantiate classes with controlled properties
  • Magic methods like `__destruct` or `__wakeup` can be used for malicious operations
  • Exploited in WordPress through cookies, meta values, or option storage
