| |
Vulnerability CVE-2023-5235
Published: 2024-01-08
| Description: |
The Ovic Responsive WPBakery WordPress plugin before 1.2.9 does not limit which options can be updated via some of its AJAX actions, which may allow attackers with a subscriber+ account to update blog options, such as 'users_can_register' and 'default_role'. It also unserializes user input in the process, which may lead to Object Injection attacks. |
References: |
https://wpscan.com/vulnerability/35c9a954-37fc-4818-a71f-34aaaa0fa3db
|
|
|
Copyright 2026, cxsecurity.com
|
|
|
