NVD脆弱性詳細

Exploit、PoC検索

NVD脆弱性検索トップ

->

NVD脆弱性詳細

CVE-2026-7654

概要	The Admin Columns plugin for WordPress is vulnerable to PHP Object Injection leading to Remote Code Execution in versions up to and including 7.0.18. This is due to the use of `unserialize()` without an `allowed_classes` restriction in the `IdsToCollection::get_ids_from_string()` function, which processes attacker-controlled post meta values without proper validation. This makes it possible for authenticated attackers with Contributor-level access and above to inject a serialized PHP object into a post's custom meta field and trigger arbitrary code execution by exploiting a bundled POP gadget chain, resulting in remote code execution as the web server user.
公表日	2026年6月6日8:16
登録日	2026年6月7日4:12
最終更新日	2026年6月6日8:16

CVSS3.1 : HIGH
スコア	8.8
ベクター	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
攻撃元区分(AV)	ネットワーク
攻撃条件の複雑さ(AC)	低
攻撃に必要な特権レベル(PR)	低
利用者の関与(UI)	不要
影響の想定範囲(S)	変更なし
機密性への影響(C)	高
完全性への影響(I)	高
可用性への影響(A)	高

関連情報、対策とツール

No	URL	refsource	タグ
1	https://plugins.trac.wordpress.org/browser/codepress-admin-columns/tags/7.0.16/classes/Formatter/IdsToCollection.php#L42	security@wordfence.com
2	https://plugins.trac.wordpress.org/browser/codepress-admin-columns/tags/7.0.16/classes/Formatter/Meta.php#L34	security@wordfence.com
3	https://plugins.trac.wordpress.org/browser/codepress-admin-columns/tags/7.0.16/vendor/laravel/serializable-closure/src/Serializers/Native.php#L148	security@wordfence.com
4	https://plugins.trac.wordpress.org/browser/codepress-admin-columns/tags/7.0.16/vendor/laravel/serializable-closure/src/Support/ClosureStream.php#L47	security@wordfence.com
5	https://plugins.trac.wordpress.org/browser/codepress-admin-columns/trunk/classes/Formatter/IdsToCollection.php#L42	security@wordfence.com
6	https://plugins.trac.wordpress.org/browser/codepress-admin-columns/trunk/classes/Formatter/Meta.php#L34	security@wordfence.com
7	https://plugins.trac.wordpress.org/browser/codepress-admin-columns/trunk/vendor/laravel/serializable-closure/src/Serializers/Native.php#L148	security@wordfence.com
8	https://plugins.trac.wordpress.org/browser/codepress-admin-columns/trunk/vendor/laravel/serializable-closure/src/Support/ClosureStream.php#L47	security@wordfence.com
9	https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3553297%40codepress-admin-columns&new=3553297%40codepress-admin-columns&sfp_email=&sfph_mail=	security@wordfence.com
10	https://www.wordfence.com/threat-intel/vulnerabilities/id/051a3967-ef86-49bc-b72c-23e43568fef6?source=cve	security@wordfence.com

共通脆弱性一覧

No	CWE	名前	URL
1	CWE-502	信頼性のないデータのデシリアライゼーション	https://cwe.mitre.org/data/definitions/502.html