Vulnerabilities > CVE-2023-5235 - Deserialization of Untrusted Data vulnerability in Kutethemes Ovic Responsive Wpbakery

CVSS 8.8 - HIGH

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

LOW

Confidentiality impact

HIGH

Integrity impact

HIGH

Availability impact

HIGH

network

low complexity

kutethemes

CWE-502

NVD

Published: 2024-01-08

Updated: 2024-01-11

Summary

The Ovic Responsive WPBakery WordPress plugin before 1.2.9 does not limit which options can be updated via some of its AJAX actions, which may allow attackers with a subscriber+ account to update blog options, such as 'users_can_register' and 'default_role'. It also unserializes user input in the process, which may lead to Object Injection attacks.

Vulnerable Configurations

Part	Description	Count
Application	Kutethemes Kutethemes Ovic Responsive Wpbakery 1.0.0 Kutethemes Ovic Responsive Wpbakery 1.0.7 Kutethemes Ovic Responsive Wpbakery 1.0.8 Kutethemes Ovic Responsive Wpbakery 1.0.9 Kutethemes Ovic Responsive Wpbakery 1.1.0 Kutethemes Ovic Responsive Wpbakery 1.1.1 Kutethemes Ovic Responsive Wpbakery 1.1.2 Kutethemes Ovic Responsive Wpbakery 1.1.3 Kutethemes Ovic Responsive Wpbakery 1.1.4 Kutethemes Ovic Responsive Wpbakery 1.1.5 Kutethemes Ovic Responsive Wpbakery 1.1.6 Kutethemes Ovic Responsive Wpbakery 1.1.7 Kutethemes Ovic Responsive Wpbakery 1.1.8 Kutethemes Ovic Responsive Wpbakery 1.1.9 Kutethemes Ovic Responsive Wpbakery 1.2.0 Kutethemes Ovic Responsive Wpbakery 1.2.1 Kutethemes Ovic Responsive Wpbakery 1.2.2 Kutethemes Ovic Responsive Wpbakery 1.2.3 Kutethemes Ovic Responsive Wpbakery 1.2.4 Kutethemes Ovic Responsive Wpbakery 1.2.5 Kutethemes Ovic Responsive Wpbakery 1.2.6 Kutethemes Ovic Responsive Wpbakery 1.2.8	22

Common Weakness Enumeration (CWE)

CWE-502 - Deserialization of Untrusted Data

References

https://wpscan.com/vulnerability/35c9a954-37fc-4818-a71f-34aaaa0fa3db