The Ovic Responsive WPBakery WordPress plugin before 1.2...
High severity
Unreviewed
Published
Jan 8, 2024
to the GitHub Advisory Database
•
Updated Jan 20, 2024
Description
Published by the National Vulnerability Database
Jan 8, 2024
Published to the GitHub Advisory Database
Jan 8, 2024
Last updated
Jan 20, 2024
The Ovic Responsive WPBakery WordPress plugin before 1.2.9 does not limit which options can be updated via some of its AJAX actions, which may allow attackers with a subscriber+ account to update blog options, such as 'users_can_register' and 'default_role'. It also unserializes user input in the process, which may lead to Object Injection attacks.
References