Lucene search
PRIOn knowledge basePRION:CVE-2023-4386HistoryOct 20, 2023 - 8:15 a.m.
Deserialization of untrusted data
2023-10-2008:15:00
PRIOn knowledge base
www.prio-n.com
4
deserialization
untrusted data
php object injection
authentication bypass
arbitrary files deletion
sensitive data retrieval
code execution
The Essential Blocks plugin for WordPress is vulnerable to PHP Object Injection in versions up to, and including, 4.2.0 via deserialization of untrusted input in the get_posts function. This allows unauthenticated attackers to inject a PHP Object. No POP chain is present in the vulnerable plugin. If a POP chain is present via an additional plugin or theme installed on the target system, it could allow the attacker to delete arbitrary files, retrieve sensitive data, or execute code.
| CPE | Name | Operator | Version |
|---|---|---|---|
| essential_blocks | le | 4.2.0 |
Related
cvelist
cvelist
CVE-2023-4386
2023-10-20 07:29:27
cve
cve
CVE-2023-4386
2023-10-20 08:15:12
wpvulndb
wpvulndb
Essential Blocks <= 4.2.0 - Unauthenticated PHP Object Injection via queries
2023-11-24 00:00:00
Essential Blocks < 4.2.1 - Unauthenticated Object Injection
2023-09-28 00:00:00
nvd
nvd
CVE-2023-4386
2023-10-20 08:15:12
openvas
openvas
zdt
zdt
packetstorm
packetstorm
wordfence
wordfence