CVE-2023-5235
CVE-2023-5235 is a high-severity vulnerability rated 8.8/10 on the CVSS scale. The Ovic Responsive WPBakery WordPress plugin before 1.2.9 does not limit which options can be updated via some of its AJAX actions, which may allow attackers with a subscriber+ account to update blog options, such as 'users_can_register' and 'default_role'. It also unserializes user input in the process, which may lead to Object Injection attacks. EPSS estimates a 0.56% chance of exploitation in the next 30 days.
Description
The Ovic Responsive WPBakery WordPress plugin before 1.2.9 does not limit which options can be updated via some of its AJAX actions, which may allow attackers with a subscriber+ account to update blog options, such as 'users_can_register' and 'default_role'. It also unserializes user input in the process, which may lead to Object Injection attacks.
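The two defects the description names, unrestricted option updates and unserialization of request data, are both avoided by the hardened admin-ajax handler below. This is an added example, not code from the Ovic Responsive WPBakery plugin; the action name, option names and nonce name are hypothetical.

```php
<?php
// Added example, not code from the Ovic Responsive WPBakery plugin.
// A WordPress admin-ajax handler that lets only an administrator update
// options on an explicit allowlist and never unserializes request data.
// Hypothetical action name: 'example_plugin_save_option'.

add_action( 'wp_ajax_example_plugin_save_option', 'example_plugin_save_option' );

function example_plugin_save_option() {
    // 1. Verify the nonce issued for this action (CSRF protection).
    check_ajax_referer( 'example_plugin_save_option', 'nonce' );

    // 2. Require a capability that a subscriber-level account lacks.
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_send_json_error( 'forbidden', 403 );
    }

    // 3. Allowlist: only this plugin's own options may be written, each
    //    paired with its sanitizer. Core options such as 'users_can_register'
    //    or 'default_role' are not reachable through this handler.
    $allowed = array(
        'example_plugin_layout' => 'sanitize_key',
        'example_plugin_title'  => 'sanitize_text_field',
    );

    $name = isset( $_POST['option'] ) ? sanitize_key( wp_unslash( $_POST['option'] ) ) : '';
    if ( ! array_key_exists( $name, $allowed ) ) {
        wp_send_json_error( 'unknown option', 400 );
    }

    // 4. Accept JSON rather than PHP serialized data: json_decode() cannot
    //    instantiate arbitrary classes, which is what makes unserialize()
    //    on user input an Object Injection risk.
    $raw   = isset( $_POST['value'] ) ? wp_unslash( $_POST['value'] ) : '';
    $value = json_decode( $raw, true );
    if ( json_last_error() !== JSON_ERROR_NONE || ! is_scalar( $value ) ) {
        wp_send_json_error( 'bad value', 400 );
    }

    // 5. Sanitize with the allowlisted function, then persist.
    $value = call_user_func( $allowed[ $name ], (string) $value );
    update_option( $name, $value );

    wp_send_json_success( array( 'option' => $name, 'value' => $value ) );
}
```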
Metrics
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Kutethemes | Ovic Responsive Wpbakery | < 1.2.9 |
References
- https://wpscan.com/vulnerability/35c9a954-37fc-4818-a71f-34aaaa0fa3db (Third Party Advisory)
Timeline
- Published
- Last Modified
- Status
- Modified
Frequently Asked Questions
What is CVE-2023-5235?
How severe is CVE-2023-5235?
How do I fix CVE-2023-5235?
Are you affected by CVE-2023-5235?
Source: NVD / NIST
