Lucene search
K

6 matches found

CVE
CVE
added 2023/10/20 6:35 a.m.63 views

CVE-2023-4402

The WordPress Essential Blocks plugin (versions up to and including 4.2.0) is affected by a PHP Object Injection via deserialization of untrusted input in the get_products/get_posts path. The vulnerability allows unauthenticated attackers to inject a PHP Object; exploitation may enable deletion o...

9.8CVSS9.4AI score0.0134EPSS
Exploits3References2Affected Software2
Vulnrichment
Vulnrichment
added 2023/10/20 6:35 a.m.12 views

CVE-2023-4402 Essential Blocks <= 4.2.0 - Unauthenticated PHP Object Injection via products

The Essential Blocks plugin for WordPress is vulnerable to PHP Object Injection in versions up to, and including, 4.2.0 via deserialization of untrusted input in the getproducts function. This allows unauthenticated attackers to inject a PHP Object. No POP chain is present in the vulnerable plugi...

8.1CVSS7.5AI score0.0134EPSS
Exploits3References2
Wordfence Blog
Wordfence Blog
added 2023/09/19 1:48 p.m.57 views

Two PHP Object Injection Vulnerabilities Fixed in Essential Blocks

On August 18, 2023, the Wordfence Threat Intelligence team initiated the responsible disclosure process for two PHP Object Injection vulnerabilities in the Essential Blocks plugin for WordPress, a plugin with over 100,000 installations. We received a response three days later and sent over our fu...

7.8AI score0.0134EPSS
Exploits3
0day.today
0day.today
added 2023/09/19 12:0 a.m.410 views

WordPress Essential Blocks 4.2.0 / Essential Blocks Pro 1.1.0 PHP Object Injection Vulnerability

Vulnerability Summary from Wordfence Intelligence Description: Insecure Deserialization/PHP Object Injection via queries Affected Plugin: Essential Blocks, Essential Blocks Pro Plugin slug: essential-blocks, essential-blocks-pro Vendor: WPDeveloper Affected versions: = 4.2.0 Free and = 1.1.0 Pro...

9.8CVSS8.8AI score0.0134EPSS
Exploits3
Packet Storm
Packet Storm
added 2023/09/19 12:0 a.m.493 views

WordPress Essential Blocks 4.2.0 / Essential Blocks Pro 1.1.0 PHP Object Injection

Vulnerability Summary from Wordfence Intelligence Description: Insecure Deserialization/PHP Object Injection via queries Affected Plugin: Essential Blocks, Essential Blocks Pro Plugin slug: essential-blocks, essential-blocks-pro Vendor: WPDeveloper Affected versions: = 4.2.0 Free and = 1.1.0 Pro...

7.1AI score0.0134EPSS
Exploits3
Patchstack
Patchstack
added 2023/09/14 12:0 a.m.20 views

WordPress Essential Blocks for Gutenberg Plugin <= 4.2.0 is vulnerable to PHP Object Injection

Software Essential Blocks for Gutenberg Type Plugin Vulnerable versions = 4.2.0 Fixed in 4.2.1 OWASP Top 10 A1: Injection Classification PHP Object Injection CVE CVE-2023-4402 Patch priority High CVSS severity High 8.3 Developer Claim ownership PSID 12450c59ad4b Credits Marco Wotschka Required...

9.8CVSS7.2AI score0.0134EPSS
Exploits3References3Affected Software1
Rows per page
Query Builder