The wpDataTables WordPress plugin before 2.1.66 does not validate the "Serialized PHP array" input data before deserializing the data. This allows admins to deserialize arbitrary data which may lead to remote code execution if a suitable gadget chain is present on the server. This is impactful in environments where admin users should not be allowed to execute arbitrary code, such as multisite.
References
Link | Resource |
---|---|
https://wpscan.com/vulnerability/1ab192d7-72ac-4f12-8a51-f28ee4db91bc | Exploit Third Party Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: WPScan
Published: 2023-09-11T19:46:06.952Z
Updated: 2023-09-11T19:46:06.952Z
Reserved: 2023-08-11T19:07:52.418Z
Link: CVE-2023-4314
JSON object: View
NVD Information
Status : Modified
Published: 2023-09-11T20:15:12.310
Modified: 2023-11-07T04:22:27.490
Link: CVE-2023-4314
JSON object: View
Redhat Information
No data.
CWE
No CWE.