CVE-2023-1381: 
WordPress vulnerability analysis and mitigation

The WP Meta SEO WordPress plugin versions before 4.5.5 contained a PHAR deserialization vulnerability (CVE-2023-1381) discovered during an internal audit by the WPScan team. The vulnerability allows attackers with Author-level privileges or higher to upload and deserialize PHAR files, potentially leading to arbitrary PHP object deserialization. The issue was disclosed on March 27, 2023, and was fixed in version 4.5.5 (WPScan Blog).

The vulnerability stems from the plugin's failure to validate image file paths before manipulation. When the 'Reload Analysis' button is clicked in the SEO Page Optimization feature, the plugin processes post content and images. The vulnerability exists because the file_exists function is called on user-controlled paths without proper validation. On PHP versions prior to 8.0, if the path uses the phar:// stream wrapper pointing to a PHAR file, it triggers automatic deserialization of the PHP metadata object within the file. The vulnerability has a CVSS score of 7.2 (High) (WPScan Blog).

The vulnerability can be exploited to achieve remote code execution on systems running PHP versions before 8.0, due to the presence of known deserialization gadgets (including guzzlehttp and monolog libraries) within the plugin's vendor directory. WordPress instances running on PHP 8.0 and above are not susceptible to this vulnerability as PHP 8.0 disabled automatic deserialization of PHAR metadata (WPScan Blog).

Site owners are strongly recommended to update to WP Meta SEO version 4.5.5 or later, which contains the fix for this vulnerability. Additionally, running WordPress on PHP 8.0 or higher provides protection against this specific type of vulnerability as it disables automatic PHAR metadata deserialization. Using a robust security solution like Jetpack Security can provide additional protection against such vulnerabilities (WPScan Blog).