Vulnerability Details CVE-2023-4971
The Weaver Xtreme Theme Support WordPress plugin before 6.3.1 unserialises the content of an imported file, which could lead to PHP object injections issues when a high privilege user import a malicious file and a suitable gadget chain is present on the blog.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.003
EPSS Ranking 48.4%
CVSS Severity
CVSS v3 Score 7.2
References
Products affected by CVE-2023-4971
-
cpe:2.3:a:weavertheme:weaver_xtreme_theme_support:-
-
cpe:2.3:a:weavertheme:weaver_xtreme_theme_support:0.1
-
cpe:2.3:a:weavertheme:weaver_xtreme_theme_support:5.0
-
cpe:2.3:a:weavertheme:weaver_xtreme_theme_support:5.0.2
-
cpe:2.3:a:weavertheme:weaver_xtreme_theme_support:6.1
-
cpe:2.3:a:weavertheme:weaver_xtreme_theme_support:6.2
-
cpe:2.3:a:weavertheme:weaver_xtreme_theme_support:6.2.5
-
cpe:2.3:a:weavertheme:weaver_xtreme_theme_support:6.2.7
-
cpe:2.3:a:weavertheme:weaver_xtreme_theme_support:6.2.8
-
cpe:2.3:a:weavertheme:weaver_xtreme_theme_support:6.2.9
-
cpe:2.3:a:weavertheme:weaver_xtreme_theme_support:6.3.0