Wpvulndb WPVDB-ID:A84DC2FF-119E-4122-8E20-ABEEFC8AC0E0
Nov 24, 2023 - 12:00 a.m.

Essential Blocks <= 4.2.0 - Unauthenticated PHP Object Injection via products

2023-11-24 00:00:00
wpscan.com
wordpress
essential blocks
version 4.2.0
php object injection
unauthenticated
products
deserialization
vulnerability
attackers
pop chain

AI Score: 7.8 High (Confidence: High)

EPSS: 0.001 Low (Percentile: 44.5%)

Description

The Essential Blocks plugin for WordPress is vulnerable to PHP Object Injection in versions up to, and including, 4.2.0 via deserialization of untrusted input in the get_products function. This allows unauthenticated attackers to inject a PHP Object. No POP chain is present in the vulnerable plugin. If a POP chain is present via an additional plugin or theme installed on the target system, it could allow the attacker to delete arbitrary files, retrieve sensitive data, or execute code.

CPE   Name   Operator   Version
             eq         4.2.1
             eq         1.1.1
