Lucene search
K

6 matches found

Vulnrichment
Vulnrichment
added 2023/10/20 7:29 a.m.12 views

CVE-2023-4386 Essential Blocks <= 4.2.0 - Unauthenticated PHP Object Injection via queries

The Essential Blocks plugin for WordPress is vulnerable to PHP Object Injection in versions up to, and including, 4.2.0 via deserialization of untrusted input in the getposts function. This allows unauthenticated attackers to inject a PHP Object. No POP chain is present in the vulnerable plugin. ...

8.1CVSS7.4AI score0.00768EPSS
Exploits2References2
Wordfence Blog
Wordfence Blog
added 2023/09/19 1:48 p.m.58 views

Two PHP Object Injection Vulnerabilities Fixed in Essential Blocks

On August 18, 2023, the Wordfence Threat Intelligence team initiated the responsible disclosure process for two PHP Object Injection vulnerabilities in the Essential Blocks plugin for WordPress, a plugin with over 100,000 installations. We received a response three days later and sent over our fu...

7.8AI score0.0134EPSS
Exploits3
Packet Storm
Packet Storm
added 2023/09/19 12:0 a.m.496 views

WordPress Essential Blocks 4.2.0 / Essential Blocks Pro 1.1.0 PHP Object Injection

Vulnerability Summary from Wordfence Intelligence Description: Insecure Deserialization/PHP Object Injection via queries Affected Plugin: Essential Blocks, Essential Blocks Pro Plugin slug: essential-blocks, essential-blocks-pro Vendor: WPDeveloper Affected versions: = 4.2.0 Free and = 1.1.0 Pro...

7.1AI score0.0134EPSS
Exploits3
0day.today
0day.today
added 2023/09/19 12:0 a.m.410 views

WordPress Essential Blocks 4.2.0 / Essential Blocks Pro 1.1.0 PHP Object Injection Vulnerability

Vulnerability Summary from Wordfence Intelligence Description: Insecure Deserialization/PHP Object Injection via queries Affected Plugin: Essential Blocks, Essential Blocks Pro Plugin slug: essential-blocks, essential-blocks-pro Vendor: WPDeveloper Affected versions: = 4.2.0 Free and = 1.1.0 Pro...

9.8CVSS8.8AI score0.0134EPSS
Exploits3
Patchstack
Patchstack
added 2023/09/14 12:0 a.m.21 views

WordPress Essential Blocks Pro Plugin <= 1.1.0 is vulnerable to PHP Object Injection

Software Essential Blocks Pro Type Plugin Vulnerable versions = 1.1.0 Fixed in 1.1.1 OWASP Top 10 A1: Injection Classification PHP Object Injection CVE CVE-2023-4386 Patch priority High CVSS severity High 8.3 Developer Claim ownership PSID b459be820fbe Credits Marco Wotschka Required privilege...

8.1CVSS7.2AI score0.00768EPSS
Exploits2References2Affected Software1
OpenVAS
OpenVAS
added 2023/07/12 12:0 a.m.29 views

WordPress Intuitive Custom Post Order Plugin < 3.1.4 Multiple Vulnerabilities

The WordPress plugin SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:intuitivecustompostorderproject:intuitivecustompostorder";...

8.1CVSS6AI score0.00768EPSS
Exploits6References2
Rows per page
Query Builder