3 matches found
CVE-2023-5235
creationtimestamp| type| source ---|---|--- 2024-01-08 20:26:59+00:00| seen| https://t.me/ctinow/164601 2024-01-25 14:42:00+00:00| seen| https://t.me/ctinow/173471 2025-06-11 17:34:32+00:00| seen| https://t.me/DarkWebInformerCVEAlerts/18103...
CVE-2023-5235 Ovic Responsive WPBakery < 1.2.9 - Subscriber+ Option Update
The Ovic Responsive WPBakery WordPress plugin before 1.2.9 does not limit which options can be updated via some of its AJAX actions, which may allow attackers with a subscriber+ account to update blog options, such as 'userscanregister' and 'defaultrole'. It also unserializes user input in the...
CVE-2023-5235
The CVE concerns the Ovic Responsive WPBakery WordPress plugin (versions before 1.2.9). The vulnerability arises from two issues: (1) AJAX actions do not enforce a proper whitelist of updatable blog options, allowing a subscriber+ account to modify settings such as users_can_register and default_...