CVE-2021-24579

CVE-2021-24579

The bt_bb_get_grid AJAX action of the Bold Page Builder WordPress plugin before 3.1.6 passes user input into the unserialize() function without any validation or sanitisation, which could lead to a PHP Object Injection. Even though the plugin did not contain a suitable gadget to fully exploit the issue, other installed plugins on the blog could allow such issue to be exploited and lead to RCE in some cases.

Source: CVE-2021-24579

답글 남기기

이메일 주소는 공개되지 않습니다. 필수 필드는 *로 표시됩니다