CVE-2026-49106
CRM Perks · Integration for Contact Form 7 and Constant Contact
An unauthenticated PHP Object Injection vulnerability exists in the CRM Perks Integration for Contact Form 7 and Constant Contact, enabling potential remote code execution.
Executive summary
A critical unauthenticated PHP Object Injection vulnerability in the CRM Perks integration for Constant Contact poses a severe risk of remote system compromise.
Vulnerability
The vulnerability is an unauthenticated PHP Object Injection flaw. This allows remote attackers to supply malicious serialized data to the application, which is then insecurely deserialized, potentially leading to arbitrary code execution.
Business impact
A CVSS score of 9.8 underscores the critical nature of this vulnerability. An attacker can exploit this flaw to gain unauthorized access to the underlying server, potentially compromising sensitive business data and leading to a total loss of system integrity.
Remediation
Immediate Action: Update the Integration for Contact Form 7 and Constant Contact plugin to the latest version to address the vulnerability.
Proactive Monitoring: Perform regular audits of application logs to identify suspicious activity or unusual input patterns directed at the plugin.
Compensating Controls: Use a Web Application Firewall (WAF) to block requests containing serialized object patterns, providing a temporary shield until the official patch is applied.
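The deserialization flaw described under Vulnerability and the serialized-object pattern referenced under Compensating Controls, shown in code. This is an added illustration, not code from the CRM Perks plugin (the advisory does not show the plugin's affected code path): the AuditLogger class, the load_state_* functions, contains_serialized_object() and the sample payload are all hypothetical and constructed for the demonstration.

```php
<?php
// Added illustration of PHP Object Injection, not the plugin's own code.
// The class, functions and payload below are hypothetical.

// A hypothetical application class with a "magic" method. Classes like this
// are what make unserialize() of untrusted input dangerous: __destruct runs
// automatically, including for objects that unserialize() reconstructed from
// attacker-chosen bytes rather than objects the application created itself.
class AuditLogger
{
    public string $logFile = '/tmp/app.log';
    public string $entry = '';

    public function __destruct()
    {
        // Both the destination and the content come from object properties,
        // so for a deserialized object both are chosen by whoever built the payload.
        file_put_contents($this->logFile, $this->entry . PHP_EOL, FILE_APPEND);
    }
}

// VULNERABLE: untrusted request data goes straight into unserialize().
// Every class name the payload names is instantiated and its magic methods run.
function load_state_vulnerable(string $untrusted): mixed
{
    return unserialize($untrusted);
}

// HARDENED (1): never build objects from untrusted data. With
// allowed_classes => false, every O:... segment becomes __PHP_Incomplete_Class,
// whose magic methods are not invoked, so no application gadget is reachable.
// Scalars and arrays still round-trip normally.
function load_state_hardened(string $untrusted): mixed
{
    return unserialize($untrusted, ['allowed_classes' => false]);
}

// HARDENED (2): avoid PHP's native serialization for untrusted input entirely.
// JSON has no notion of object classes, so there is nothing to inject.
function load_state_json(string $untrusted): ?array
{
    $decoded = json_decode($untrusted, true);
    return is_array($decoded) ? $decoded : null;
}

// DETECTION / WAF-style check: does the input carry a serialized PHP object
// header of the form O:<len>:"<ClassName>":<n>:{ ? This is the kind of coarse
// pattern a WAF rule can flag or block while a patch is pending; tune it
// against the application's legitimate traffic to avoid false positives.
function contains_serialized_object(string $input): bool
{
    // The doubled backslash inside the character class allows namespaced class names.
    return (bool) preg_match('/(^|[;{])O:\d+:"[A-Za-z0-9_\\\\]+":\d+:\{/', $input);
}

// Constructed sample payload: a serialized AuditLogger whose every field was
// chosen outside the application. It is deliberately harmless (appends one
// line to a file under /tmp), but the class and properties are fully
// controlled by the payload's author, which is the whole problem.
$payload = 'O:11:"AuditLogger":2:{s:7:"logFile";s:24:"/tmp/poi-demo-target.log";s:5:"entry";s:8:"injected";}';

var_dump(contains_serialized_object($payload));
var_dump(get_class(load_state_vulnerable($payload)));
var_dump(get_class(load_state_hardened($payload)));
var_dump(load_state_json($payload));
var_dump(load_state_json('{"page":2,"sort":"date"}'));
```

Run with any PHP 8 CLI. The detection check flags the payload; the vulnerable loader hands back a live AuditLogger whose destructor fires when the object is discarded; the hardened loader returns only a __PHP_Incomplete_Class placeholder with no side effects; and the JSON loader rejects the payload outright while still accepting ordinary JSON state. The allowed_classes option is the smallest change to make to existing unserialize() calls on request data; switching the wire format to JSON is the more durable fix.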
Exploitation status
Public Exploit Available: False
Analyst recommendation
This vulnerability is highly critical and presents a significant security risk. Administrators must apply the latest plugin updates immediately to mitigate the threat of remote code execution.