CVE-2023-5235
Severity CVSS v4.0:
Pending analysis
Type:
CWE-502
Deserialization of Untrusted Dat
Publication date:
08/01/2024
Last modified:
11/06/2025
Description
The Ovic Responsive WPBakery WordPress plugin before 1.2.9 does not limit which options can be updated via some of its AJAX actions, which may allow attackers with a subscriber+ account to update blog options, such as 'users_can_register' and 'default_role'. It also unserializes user input in the process, which may lead to Object Injection attacks.
Impact
Base Score 3.x
8.80
Severity 3.x
HIGH
Vulnerable products and versions
CPE | From | Up to |
---|---|---|
cpe:2.3:a:kutethemes:ovic_responsive_wpbakery:*:*:*:*:*:wordpress:*:* | 1.2.9 (excluding) |
To consult the complete list of CPE names with products and versions, see this page