PT-2023-28714 · Unknown · Wpdatatables

Jonatas Souza Villa Flor · Published 2023-09-11 · Updated 2023-09-19 · CVE-2023-4314

CVSS v3.1: 7.2 (High)
Vector: AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions: wpDataTables versions prior to 2.1.66

Description: wpDataTables accepts table data of the input type "Serialized PHP array" and hands it to PHP's unserialize() without first validating that the payload contains only an array. Because unserialize() instantiates whatever class the payload names, an administrator who can create such a table can inject arbitrary objects (PHP object injection). If a suitable gadget chain is present on the server, for example a class with a __wakeup() or __destruct() method shipped by WordPress, a theme or another plugin, this can lead to remote code execution. The CVSS vector (PR:H) reflects that the attacker already needs an administrative account, so the issue matters most in environments where administrators are not supposed to be able to execute arbitrary code, such as WordPress multisite, where a site admin is not a network admin.

Recommendations: For versions prior to 2.1.66, update to version 2.1.66 or later. If updating is not immediately possible, restrict access to the deserialization functionality as a temporary workaround: limit which users can create tables from the "Serialized PHP array" input type (on multisite, ideally only network administrators). A workaround only reduces exposure; the update is the fix.
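The following is an added example, not wpDataTables' own code, showing the class of bug the description refers to: a loader that trusts a "serialized PHP array" and calls unserialize() on it, beside a hardened loader that forbids object instantiation and validates the result's shape. The class LoggingGadget, the two load functions and the payload are hypothetical and constructed for the example; the gadget only writes a line to stdout, whereas a real chain would end in a file write or code execution.

```php
<?php
// Added example (not the plugin's code). Requires PHP 7.4+ for typed
// properties and the max_depth option of unserialize().

// Hypothetical stand-in for a gadget: any autoloadable class with a magic
// method that acts on properties the attacker controls after unserialize().
class LoggingGadget
{
    public string $logFile = 'php://stdout';
    public string $message = '';

    public function __destruct()
    {
        // Both properties come straight from the serialized payload.
        file_put_contents($this->logFile, $this->message, FILE_APPEND);
    }
}

// VULNERABLE: the input type promises an array, but unserialize() will
// happily instantiate any class named in the string instead.
function loadTableDataVulnerable(string $serialized): mixed
{
    return unserialize($serialized);
}

// HARDENED: allowed_classes => false turns every object in the payload into
// __PHP_Incomplete_Class, so no real class (and no magic method) is touched.
// The shape is then checked explicitly: an array of rows, rows of scalars.
function loadTableDataSafe(string $serialized): array
{
    $data = @unserialize($serialized, ['allowed_classes' => false, 'max_depth' => 8]);
    if (!is_array($data)) {
        throw new InvalidArgumentException('input is not a serialized PHP array');
    }
    foreach ($data as $row) {
        if (!is_array($row)) {
            throw new InvalidArgumentException('row is not an array');
        }
        foreach ($row as $cell) {
            if (!is_scalar($cell) && $cell !== null) {
                throw new InvalidArgumentException('non-scalar cell rejected');
            }
        }
    }
    return $data;
}

// Constructed payload: an object where the application expects an array.
$payload = 'O:13:"LoggingGadget":2:{s:7:"logFile";s:12:"php://stdout";'
         . 's:7:"message";s:24:"gadget __destruct() ran' . "\n" . '";}';

// 1. Vulnerable path: the gadget is instantiated and its destructor runs.
$obj = loadTableDataVulnerable($payload);
unset($obj);                      // prints "gadget __destruct() ran"

// 2. Hardened path: the same payload never becomes a LoggingGadget.
try {
    loadTableDataSafe($payload);
} catch (InvalidArgumentException $e) {
    echo "rejected: {$e->getMessage()}\n";
}

// 3. Legitimate table data still loads.
$rows = loadTableDataSafe(serialize([
    ['id' => 1, 'name' => 'alice'],
    ['id' => 2, 'name' => 'bob'],
]));
echo count($rows) . " rows loaded\n";
```

The allowed_classes option is the important line: without it, validating the result after unserialize() is too late, because __wakeup() and __unserialize() have already run and __destruct() will fire regardless. Where the format allows it, accepting JSON instead of a PHP serialization string removes the sink entirely.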

Related Identifiers: CVE-2023-4314

Affected Products: Wpdatatables