Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
wpvulndbWpvulndbWPVDB-ID:9526EA49-C3CA-4B21-8CB1-2E2E5CFB520C
HistoryFeb 07, 2024 - 12:00 a.m.

WP-Mobile-BankID-Integration < 1.0.1 - PHP Object Injection

2024-02-0700:00:00
wpscan.com
4
wordpress
php
object injection
vulnerable
deserialization
untrusted input
plugin
attack
pop chain
additional
theme
target system
arbitrary files
sensitive data

7.5 High

AI Score

Confidence

Low

0.001 Low

EPSS

Percentile

31.7%

JSON

Description The WP-Mobile-BankID-Integration plugin for WordPress is vulnerable to PHP Object Injection in versions up to, and excluding, 1.0.1 via deserialization of untrusted input through the getAuthResponseFromDB function. This makes it possible for attackers to inject a PHP Object. No known POP chain is present in the vulnerable plugin. If a POP chain is present via an additional plugin or theme installed on the target system, it could allow the attacker to delete arbitrary files, retrieve sensitive data, or execute code.

CPENameOperatorVersion
eq1.0.1

Related

cve 1
osv 1
cvelist 1
prion 1
nvd 1
cve
cve
CVE-2023-51700
2023-12-27 18:15:23
osv
osv
CVE-2023-51700
2023-12-27 18:15:23
cvelist
cvelist
CVE-2023-51700 WP-Mobile-BankID-Integration WordPress Database Deserialization: Potential for Object Injection
2023-12-27 17:35:06
prion
prion
Deserialization of untrusted data
2023-12-27 18:15:00
nvd
nvd
CVE-2023-51700
2023-12-27 18:15:23

7.5 High

AI Score

Confidence

Low

0.001 Low

EPSS

Percentile

31.7%

JSON
Related for WPVDB-ID:9526EA49-C3CA-4B21-8CB1-2E2E5CFB520C
cve1osv1cvelist1prion1nvd1