CVE-2023-4314
Last modified
CVE-2023-4314 is a high-severity vulnerability rated 7.2/10 on the CVSS scale. The wpDataTables WordPress plugin before 2.1.66 does not validate the "Serialized PHP array" input data before deserializing the data. This allows admins to deserialize arbitrary data which may lead to remote code execution if a suitable gadget chain is present on the server. EPSS estimates a 1.26% chance of exploitation in the next 30 days.
Description
The wpDataTables WordPress plugin before 2.1.66 does not validate the "Serialized PHP array" input data before deserializing the data. This allows admins to deserialize arbitrary data which may lead to remote code execution if a suitable gadget chain is present on the server. This is impactful in environments where admin users should not be allowed to execute arbitrary code, such as multisite.
Metrics
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Tms-Outsource | Wpdatatables | < 2.1.66 |
References
- https://wpscan.com/vulnerability/1ab192d7-72ac-4f12-8a51-f28ee4db91bcExploit, Third Party Advisory
- https://wpscan.com/vulnerability/1ab192d7-72ac-4f12-8a51-f28ee4db91bcExploit, Third Party Advisory
Timeline
- Published
- Last Modified
- Status
- Modified
Frequently Asked Questions
What is CVE-2023-4314?
How severe is CVE-2023-4314?
How do I fix CVE-2023-4314?
Are you affected by CVE-2023-4314?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST