CVE-2023-4971

The Weaver Xtreme Theme Support WordPress plugin before 6.3.1 unserialises the content of an imported file, which could lead to PHP object injections issues when a high privilege user import a malicious file and a suitable gadget chain is present on the blog...

CVE-2023-4971

creationtimestamp| type| source ---|---|--- 2023-10-17 00:38:21+00:00| seen| https://t.me/cibsecurity/72372...

WordPress Weaver Xtreme Theme Support Plugin < 6.3.1 is vulnerable to PHP Object Injection

Software Weaver Xtreme Theme Support Type Plugin Vulnerable versions 6.3.1 Fixed in 6.3.1 OWASP Top 10 A1: Injection Classification PHP Object Injection CVE CVE-2023-4971 Patch priority Low CVSS severity Low 6.6 Developer Claim ownership PSID 68d407ee3a34 Credits Do Xuan Trung Required privilege...

CVE-2023-4971 Weaver Xtreme Theme Support < 6.3.1 - Admin+ PHP Object Injection

The Weaver Xtreme Theme Support WordPress plugin before 6.3.1 unserialises the content of an imported file, which could lead to PHP object injections issues when a high privilege user import a malicious file and a suitable gadget chain is present on the blog...

CVE-2023-4971

CVE-2023-4971 affects the WordPress plugin Weaver Xtreme Theme Support prior to version 6.3.1. The root cause is unserialising the contents of an imported file, which could enable PHP object injection when a high-privilege user imports a malicious file and a suitable gadget chain is present on th...