CVE-2023-28782

Name of the Vulnerable Software and Affected Versions Gravity Forms versions n/a through 2.7.3

Description The issue is related to the deserialization of untrusted data in Gravity Forms, which can be exploited by a remote attacker to gain read, modify, or delete access to files or execute arbitrary code. The maybe unserialize() function of the Gravity Forms plugin for the WordPress content management system is associated with shortcomings in the deserialization mechanism.

Recommendations For versions n/a through 2.7.3, update to a version later than 2.7.3 to resolve the issue. At the moment, there is no information about a newer version that contains a fix for this vulnerability.