CVE-2021-24579

Name of the Vulnerable Software and Affected Versions Bold Page Builder WordPress plugin versions prior to 3.1.6

Description The issue arises from the bt bb get grid AJAX action passing user input into the unserialize() function without validation or sanitization, potentially leading to a PHP Object Injection. Although the plugin itself may not contain a suitable gadget for full exploitation, the presence of other plugins on the blog could facilitate exploitation, resulting in Remote Code Execution (RCE) in some cases.

Recommendations For versions prior to 3.1.6, update to version 3.1.6 or later to resolve the issue. As a temporary workaround, consider restricting access to the bt bb get grid AJAX action until a patch is applied.