Vulnerability Details CVE-2023-28667
The Lead Generated WordPress plugin, version <= 1.23, was affected by an unauthenticated insecure deserialization issue. The tve_labels parameter of the tve_api_form_submit action is passed to the PHP unserialize() function without being sanitized or verified, which can lead to PHP object injection. When a suitable POP (gadget) chain is also present among the available class implementations, the injection could be leveraged to perform a variety of malicious actions.
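A defender-side check for the condition described above, as an added example that is not part of the original advisory or the plugin's code: it flags request bodies for the affected action whose tve_labels value carries a serialized PHP object rather than plain arrays and strings. The form-encoded body layout, the `action` field name, and all sample values are assumptions constructed for illustration.

```python
import re
from urllib.parse import parse_qs, urlencode

# Action and parameter names are taken from the advisory text.
ACTION = "tve_api_form_submit"
PARAM = "tve_labels"

# PHP serialize() object tokens: O:<len>:"Class": (object) and
# C:<len>:"Class": (custom-serialized object). A map of form labels
# should only need arrays, strings and integers (a:, s:, i:).
# Heuristic: string contents that mimic a token are also flagged.
OBJECT_TOKEN = re.compile(r'(?:^|[;{])\s*[OC]:[+]?\d+:"')


def inspect_body(body: str) -> list[str]:
    """Return the tve_labels values in a form-encoded request body that
    contain a serialized PHP object, for the affected action only."""
    fields = parse_qs(body, keep_blank_values=True)
    if ACTION not in fields.get("action", []):
        return []
    return [v for v in fields.get(PARAM, []) if OBJECT_TOKEN.search(v)]


# Constructed sample bodies (not captured traffic). stdClass is PHP's
# empty built-in class and stands in for any object token.
BENIGN = urlencode({"action": ACTION,
                    PARAM: 'a:1:{s:5:"email";s:5:"Email";}'})
FLAGGED = urlencode({"action": ACTION,
                     PARAM: 'a:1:{s:5:"email";O:8:"stdClass":0:{}}'})
OTHER_ACTION = urlencode({"action": "heartbeat",
                          PARAM: 'O:8:"stdClass":0:{}'})

if __name__ == "__main__":
    for name, body in [("benign", BENIGN), ("flagged", FLAGGED),
                       ("other action", OTHER_ACTION)]:
        hits = inspect_body(body)
        print(f"{name}: {'ALERT ' + repr(hits) if hits else 'ok'}")
```

A match is grounds to block or alert on the request; it does not replace updating or removing the plugin.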
Exploit prediction scoring system (EPSS) score
EPSS Score 0.006
EPSS Ranking 67.5%
CVSS Severity
CVSS v3 Score 9.8
Products affected by CVE-2023-28667
- cpe:2.3:a:leadgenerated:lead_generated:-
- cpe:2.3:a:leadgenerated:lead_generated:1.0
- cpe:2.3:a:leadgenerated:lead_generated:1.1
- cpe:2.3:a:leadgenerated:lead_generated:1.10
- cpe:2.3:a:leadgenerated:lead_generated:1.11
- cpe:2.3:a:leadgenerated:lead_generated:1.12
- cpe:2.3:a:leadgenerated:lead_generated:1.13
- cpe:2.3:a:leadgenerated:lead_generated:1.14
- cpe:2.3:a:leadgenerated:lead_generated:1.15
- cpe:2.3:a:leadgenerated:lead_generated:1.16
- cpe:2.3:a:leadgenerated:lead_generated:1.17
- cpe:2.3:a:leadgenerated:lead_generated:1.18
- cpe:2.3:a:leadgenerated:lead_generated:1.19
- cpe:2.3:a:leadgenerated:lead_generated:1.2
- cpe:2.3:a:leadgenerated:lead_generated:1.20
- cpe:2.3:a:leadgenerated:lead_generated:1.21
- cpe:2.3:a:leadgenerated:lead_generated:1.22
- cpe:2.3:a:leadgenerated:lead_generated:1.23
- cpe:2.3:a:leadgenerated:lead_generated:1.3
- cpe:2.3:a:leadgenerated:lead_generated:1.4
- cpe:2.3:a:leadgenerated:lead_generated:1.5
- cpe:2.3:a:leadgenerated:lead_generated:1.6
- cpe:2.3:a:leadgenerated:lead_generated:1.7
- cpe:2.3:a:leadgenerated:lead_generated:1.8
- cpe:2.3:a:leadgenerated:lead_generated:1.9