PT-2024-14541 · WordPress · Ovic Responsive Wpbakery Wordpress Plugin
Gibran Abdillah · Published 2024-01-08 · Updated 2025-06-11 · CVE-2023-5235
CVSS v3.1: 8.8 (High)
Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
Ovic Responsive WPBakery WordPress plugin versions prior to 1.2.9
Description
The issue allows attackers with a subscriber+ account to update blog options, such as users_can_register and default_role, via some of its AJAX actions. It also unserializes user input, which may lead to Object Injection attacks.
Recommendations
For versions prior to 1.2.9, update to version 1.2.9 or later to resolve the issue. As a temporary workaround, consider restricting access to the AJAX actions that update blog options to minimize the risk of exploitation. Avoid using the users_can_register and default_role options in the affected AJAX actions until the issue is resolved.
Exploit
Fix
Deserialization of Untrusted Data
Weakness Enumeration
Related Identifiers
Affected Products
Ovic Responsive Wpbakery Wordpress Plugin
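The Description and Recommendations above name three defects in an AJAX settings handler: no privilege check beyond being logged in, no limit on which options can be written, and unserialization of request data. The sketch below is an added example of a handler hardened against all three; it is not the plugin's code, and the action name, nonce name, request field and option names (all prefixed `example_`) are hypothetical.

```php
<?php
// Added illustration, not code from the Ovic plugin. All example_* names are hypothetical.

// Register for logged-in users only; no wp_ajax_nopriv_ hook is added.
add_action( 'wp_ajax_example_save_settings', 'example_save_settings' );

function example_save_settings() {
    // 1. CSRF protection: dies with 403 if the nonce is missing or invalid.
    check_ajax_referer( 'example_save_settings', 'nonce' );

    // 2. Authorization: a wp_ajax_ hook only proves the caller is logged in,
    //    so a subscriber reaches this line. Require an administrative capability.
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_send_json_error( array( 'message' => 'Forbidden' ), 403 );
    }

    // 3. Parse the payload as JSON. unserialize()/maybe_unserialize() on request
    //    data can instantiate objects and is never used here.
    $raw = ( isset( $_POST['settings'] ) && is_string( $_POST['settings'] ) )
        ? wp_unslash( $_POST['settings'] )
        : '';
    $data = json_decode( $raw, true );
    if ( ! is_array( $data ) ) {
        wp_send_json_error( array( 'message' => 'Invalid payload' ), 400 );
    }

    // 4. Allowlist: only the handler's own options can be written, each with a
    //    sanitizer. Core options such as users_can_register and default_role
    //    are not in the map, so they cannot be reached through this action.
    $allowed = array(
        'example_breakpoint'    => 'absint',
        'example_enable_mobile' => 'rest_sanitize_boolean',
    );

    $saved = array();
    foreach ( $allowed as $option => $sanitize ) {
        if ( array_key_exists( $option, $data ) && is_scalar( $data[ $option ] ) ) {
            update_option( $option, call_user_func( $sanitize, $data[ $option ] ) );
            $saved[] = $option;
        }
    }

    wp_send_json_success( array( 'saved' => $saved ) );
}
```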