CVE-2025-14476

Doubly · Doubly – Cross Domain Copy Paste for WordPress plugin

Executive summary

A high-severity vulnerability has been identified in the "Doubly – Cross Domain Copy Paste for WordPress" plugin. This flaw, a PHP Object Injection, allows an attacker to inject and execute malicious code on an affected website, potentially leading to a complete system compromise, data theft, or website defacement. Organizations using this plugin are at significant risk and should take immediate action to mitigate this threat.

Vulnerability

The vulnerability is a PHP Object Injection flaw that occurs when the plugin improperly handles user-supplied data. An attacker can provide a specially crafted serialized PHP object as input to a vulnerable function within the plugin. The plugin passes this input to PHP's unserialize() function, which instantiates the attacker-chosen object. That object can trigger a "property-oriented programming" (POP) chain built from existing code "gadgets" within the WordPress core or other installed plugins, ultimately leading to arbitrary code execution on the server.

Business impact

This is a high-severity vulnerability with a CVSS score of 8.8, posing a significant risk to the business. Successful exploitation could grant an attacker full administrative control over the affected WordPress site. The potential consequences include theft of sensitive data such as customer information and user credentials, website defacement causing reputational damage, and the use of the compromised server for malicious activities like hosting phishing pages or participating in botnet attacks. This can lead to regulatory fines, loss of customer trust, and significant financial and operational disruption.

Remediation

Immediate Action:

  • Immediately identify all WordPress instances running the "Doubly – Cross Domain Copy Paste for WordPress" plugin.
  • Update the plugin to the latest patched version as recommended by the vendor.
  • If the plugin is not essential for business operations, the recommended course of action is to deactivate and completely remove it to eliminate this attack vector.

Proactive Monitoring:

  • Monitor web server access logs for unusual POST requests containing long, encoded strings, which may indicate serialized PHP object payloads (e.g., starting with O:).
  • Implement file integrity monitoring to detect unauthorized changes to core WordPress files, themes, or plugins.
  • Review PHP and web server error logs for warnings or errors related to the unserialize() function, which could indicate exploitation attempts.
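
One way to implement the log check described above, as an added example that is not part of the advisory or the plugin's code. It assumes a log source that records POST bodies (standard access logs do not) in a hypothetical tab-separated format; the function names, the /example path and the sample records are constructed for illustration.

```python
import base64
import binascii
import re
from urllib.parse import parse_qsl, quote

# Serialized PHP object header: O:<name length>:"<class>":<property count>:{
# (C: is the same shape for classes with custom serialization).
OBJECT_HEADER = re.compile(rb'[OC]:(\d+):"([A-Za-z_\\][A-Za-z0-9_\\]*)":\d+:\{')


def find_classes(data: bytes) -> list[str]:
    """Class names from headers whose declared length matches the name."""
    return [m.group(2).decode() for m in OBJECT_HEADER.finditer(data)
            if int(m.group(1)) == len(m.group(2))]


def decodings(value: str):
    """Yield the URL-decoded value and, if it is valid base64, its decoding."""
    yield value.encode()
    try:
        yield base64.b64decode(value, validate=True)
    except (binascii.Error, ValueError):
        pass  # not base64; the raw form was already checked


def scan_log(lines):
    """Return (line number, parameter, class) for each object in a POST body."""
    hits = []
    for number, line in enumerate(lines, start=1):
        method, _path, body = line.split("\t", 2)
        if method != "POST":
            continue
        for name, value in parse_qsl(body, keep_blank_values=True):
            for blob in decodings(value):
                hits.extend((number, name, cls) for cls in find_classes(blob))
    return hits


# Constructed sample records (assumed format: method <TAB> path <TAB> body).
_OBJ = 'O:8:"stdClass":0:{}'  # harmless empty object used as test data
SAMPLE_LOG = [
    "POST\t/example\tdata=" + quote(_OBJ, safe=""),
    "POST\t/example\tpayload=" + quote(base64.b64encode(_OBJ.encode()).decode(), safe=""),
    "POST\t/example\tnote=ratio+O:8+today&title=Hello",
    "POST\t/example\tdata=" + quote('O:5:"stdClass":0:{}', safe=""),
    "GET\t/example\tdata=" + quote(_OBJ, safe=""),
]

if __name__ == "__main__":
    for hit in scan_log(SAMPLE_LOG):
        print(hit)
```

Requiring the declared name length to match the class name keeps ordinary text such as "O:8" from raising alerts; the class names it reports can then be compared against the classes actually installed on the site.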

Compensating Controls:

  • If immediate patching is not feasible, disable the "Doubly – Cross Domain Copy Paste for WordPress" plugin until it can be updated or removed.
  • Deploy a Web Application Firewall (WAF) with rules specifically designed to detect and block PHP Object Injection attack patterns.
  • Restrict access to the WordPress administrative dashboard (/wp-admin/) to trusted IP addresses only.

Exploitation status

Public Exploit Available: false

Analyst recommendation

Given the high CVSS score of 8.8, this vulnerability presents a critical risk to any organization using the affected plugin. We strongly recommend that all system administrators immediately apply the vendor's remediation guidance by updating or removing the vulnerable plugin. Although this CVE is not currently on the CISA KEV list, its severity warrants urgent attention. Proactive patching is the most effective defense to prevent a potential compromise of your web assets.