Read More & Accordion < 3.2.7 - Admin+ PHP Object Injection
CVE-2023-3392
7.2HIGH
Summary
The Read More & Accordion plugin for WordPress prior to version 3.2.7 contains a vulnerability that allows high-privilege users, such as administrators, to manipulate unserialized user input through the settings. This flaw could enable attackers to perform PHP Object Injection exploits, leading to potential unauthorized code execution if a suitable gadget is available. It is crucial for users to upgrade to the latest version to mitigate risks associated with this vulnerability.
Affected Version(s)
Read More & Accordion 0 < 3.2.7
References
CVSS V3.1
Score:
7.2
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
High
User Interaction:
None
Scope:
Unchanged
Timeline
Vulnerability published
Vulnerability Reserved
Credit
Do Xuan Trung
WPScan