Vulnerability Details : CVE-2023-4314
The wpDataTables WordPress plugin before 2.1.66 does not validate the "Serialized PHP array" input data before deserializing the data. This allows admins to deserialize arbitrary data which may lead to remote code execution if a suitable gadget chain is present on the server. This is impactful in environments where admin users should not be allowed to execute arbitrary code, such as multisite.
Vulnerability category: Execute code
Products affected by CVE-2023-4314
- cpe:2.3:a:tms-outsource:wpdatatables:*:*:*:*:*:wordpress:*:*
Exploit prediction scoring system (EPSS) score for CVE-2023-4314
0.23%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 61 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2023-4314
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
7.2
|
HIGH | CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H |
1.2
|
5.9
|
NIST |
CWE ids for CVE-2023-4314
-
The product deserializes untrusted data without sufficiently ensuring that the resulting data will be valid.Assigned by: contact@wpscan.com (Primary)
References for CVE-2023-4314
-
https://wpscan.com/vulnerability/1ab192d7-72ac-4f12-8a51-f28ee4db91bc
Just a moment...Exploit;Third Party Advisory
Jump to