CVE-2023-51700

CVSS 3.1 Score 9.8 of 10 (high)

Details

Published Dec 27, 2023
Updated: Jan 4, 2024
CWE ID 502

Summary

CVE-2023-51700: The Unofficial WP-Mobile-BankID-Integration plugin for WordPress, in versions prior to 1.0.1, is susceptible to a Deserialization of Untrusted Data vulnerability. This issue puts WordPress sites at risk of object injection attacks, which can allow unauthorized code execution, data manipulation, or data exfiltration. The vulnerability can be exploited when an attacker gains access to the database and manipulates the data stored in it. Users are urged to upgrade to version 1.0.1 or later, which stores arrays as JSON instead of serializing and deserializing objects. As a temporary measure, stricter database access controls and monitoring tools can help mitigate potential exploitation attempts.
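The storage change described in the summary, sketched as an added example in plain PHP (not the plugin's code): a loader that calls `unserialize()` on a database value next to one that decodes JSON into arrays and validates them. The record fields, the function names and the `Marker` class are hypothetical, and the sample rows are constructed.

```php
<?php
declare(strict_types=1);

// Hypothetical record layout; the plugin's real fields are not given in the advisory.
const EXPECTED_FIELDS = ['order_ref' => 'string', 'user_id' => 'integer', 'expires' => 'integer'];

// Harmless stand-in for any class whose magic methods run during unserialize().
final class Marker
{
    public static int $wakeups = 0;
    public function __wakeup(): void { self::$wakeups++; }
}

// Pre-fix pattern: the stored string decides which class gets instantiated.
function load_record_legacy(string $stored)
{
    return unserialize($stored);
}

// Post-fix pattern: decode JSON to arrays only, then validate names and types.
function load_record_json(string $stored): ?array
{
    try {
        $data = json_decode($stored, true, 8, JSON_THROW_ON_ERROR);
    } catch (JsonException $e) {
        return null; // not JSON at all, e.g. a serialized string left in the row
    }
    if (!is_array($data)
        || array_diff_key($data, EXPECTED_FIELDS)
        || array_diff_key(EXPECTED_FIELDS, $data)) {
        return null; // missing or unexpected fields
    }
    foreach (EXPECTED_FIELDS as $name => $type) {
        if (gettype($data[$name]) !== $type) {
            return null; // wrong type; nested arrays are rejected here too
        }
    }
    return $data;
}

// Constructed sample rows (not taken from any real site).
$good     = json_encode(['order_ref' => 'abc-123', 'user_id' => 42, 'expires' => 1704067200]);
$tampered = 'O:6:"Marker":0:{}';

// Compare how each loader treats the tampered row, then the well-formed one.
var_dump(load_record_legacy($tampered) instanceof Marker, Marker::$wakeups);
var_dump(load_record_json($tampered), load_record_json($good));
```

Where a serialized format cannot be dropped immediately, `unserialize($stored, ['allowed_classes' => false])` stops PHP from instantiating the classes named in the stored string.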
