Lucene search
WpvulndbWPVDB-ID:25CF4FDE-7BE0-4395-9AD4-1723698F57ECHistoryNov 24, 2023 - 12:00 a.m.
Essential Blocks <= 4.2.0 - Unauthenticated PHP Object Injection via queries
2023-11-2400:00:00
wpscan.com
12
wordpress
php object injection
unauthenticated
essential blocks
plugin vulnerability
Description The Essential Blocks plugin for WordPress is vulnerable to PHP Object Injection in versions up to, and including, 4.2.0 via deserialization of untrusted input in the get_posts function. This allows unauthenticated attackers to inject a PHP Object. No POP chain is present in the vulnerable plugin. If a POP chain is present via an additional plugin or theme installed on the target system, it could allow the attacker to delete arbitrary files, retrieve sensitive data, or execute code.
Related
cvelist
cvelist
CVE-2023-4386
2023-10-20 07:29:27
cve
cve
CVE-2023-4386
2023-10-20 08:15:12
prion
prion
Deserialization of untrusted data
2023-10-20 08:15:00
nvd
nvd
CVE-2023-4386
2023-10-20 08:15:12
openvas
openvas
zdt
zdt
packetstorm
packetstorm
wpvulndb
wpvulndb
Essential Blocks < 4.2.1 - Unauthenticated Object Injection
2023-09-28 00:00:00
wordfence
wordfence
7.8 High
AI Score
Confidence
High
0.001 Low
EPSS
Percentile
48.9%
Related for WPVDB-ID:25CF4FDE-7BE0-4395-9AD4-1723698F57EC