8.8
CVSSv3

CVE-2023-5235

Published: 08/01/2024 Updated: 11/01/2024
CVSS v3 Base Score: 8.8 | Impact Score: 5.9 | Exploitability Score: 2.8
VMScore: 0

Vulnerability Summary

The Ovic Responsive WPBakery WordPress plugin prior to 1.2.9 does not limit which options can be updated via some of its AJAX actions, which may allow attackers with a subscriber+ account to update blog options, such as 'users_can_register' and 'default_role'. It also unserializes user input in the process, which may lead to Object Injection attacks.

Vulnerable Product Search on Vulmon Subscribe to Product

kutethemes ovic responsive wpbakery