The Ad Inserter WordPress plugin before 2.7.27 unserializes user input provided via the settings, which could allow high privilege users such as admin to perform PHP Object Injection when a suitable gadget is present
References
Link | Resource |
---|---|
https://wpscan.com/vulnerability/c94b3a68-673b-44d7-9251-f3590cc5ee9e | Exploit |
Configurations
History
07 Nov 2023, 04:04
Type | Values Removed | Values Added |
---|---|---|
CWE |
Information
Published : 2023-05-15 13:15
Updated : 2024-02-28 20:13
NVD link : CVE-2023-1549
Mitre link : CVE-2023-1549
CVE.ORG link : CVE-2023-1549
JSON object : View
Products Affected
ad_inserter_project
- ad_inserter
CWE
No CWE.