| |
Vulnerability CVE-2023-4386
Published: 2023-10-20
Description: |
The Essential Blocks plugin for WordPress is vulnerable to PHP Object Injection in versions up to, and including, 4.2.0 via deserialization of untrusted input in the get_posts function. This allows unauthenticated attackers to inject a PHP Object. No POP chain is present in the vulnerable plugin. If a POP chain is present via an additional plugin or theme installed on the target system, it could allow the attacker to delete arbitrary files, retrieve sensitive data, or execute code. |
See advisories in our WLB2 database: | Topic | Author | Date |
Med. |
| Marco Wotschka | 20.09.2023 |
References: |
https://www.wordfence.com/threat-intel/vulnerabilities/id/af468f83-d6ad-474c-bf7f-c4eeb6df1b54?source=cve
https://plugins.trac.wordpress.org/browser/essential-blocks/trunk/includes/API/PostBlock.php?rev=2950425#L30
|
|
|
closedb();
?>
Copyright 2024, cxsecurity.com
|
|
|