| |
Vulnerability CVE-2023-4402
Published: 2023-10-20
Description: |
The Essential Blocks plugin for WordPress is vulnerable to PHP Object Injection in versions up to, and including, 4.2.0 via deserialization of untrusted input in the get_products function. This allows unauthenticated attackers to inject a PHP Object. No POP chain is present in the vulnerable plugin. If a POP chain is present via an additional plugin or theme installed on the target system, it could allow the attacker to delete arbitrary files, retrieve sensitive data, or execute code. |
See advisories in our WLB2 database: | Topic | Author | Date |
Med. |
| Marco Wotschka | 20.09.2023 |
References: |
https://www.wordfence.com/threat-intel/vulnerabilities/id/1ede7a25-9bb2-408e-b7fb-e5bd4f594351?source=cve
https://plugins.trac.wordpress.org/browser/essential-blocks/trunk/includes/API/Product.php?rev=2950425#L49
|
|
|
closedb();
?>
Copyright 2024, cxsecurity.com
|
|
|