Deserialization of Untrusted Data Vulnerability Affects KD Coming Soon
CVE-2023-46615

9.8CRITICAL

Key Information:

Vendor: WordPress
Status: KD Coming Soon
Vendor: CVE Published:; 12 February 2024

Summary

A vulnerability exists in the KD Coming Soon plugin by Kalli Dan, specifically a deserialization of untrusted data issue. This vulnerability allows attackers to exploit the insecure handling of serialized data. When untrusted input is deserialized without proper validation, it could potentially lead to PHP object injection, allowing attackers to execute arbitrary code or perform unauthorized actions within a WordPress environment. The vulnerability affects versions of the KD Coming Soon plugin up to 1.7, necessitating immediate attention and remedial measures for users and administrators relying on this plugin.

Affected Version(s)

KD Coming Soon <= 1.7

References

https://patchstack.com/database/vulnerability/kd-coming-s...

vdb-entry

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Feb 12, 2024
Vulnerability Reserved
Oct 24, 2023

Credit

Mika (Patchstack Alliance)