Wpdevteam Essential Blocks Pro vulnerabilities
2 known vulnerabilities affecting wpdevteam/essential_blocks_pro.
Total CVEs
2
CISA KEV
0
Public exploits
0
Exploited in wild
0
Severity breakdown
CRITICAL1HIGH1
Vulnerabilities
Page 1 of 1
CVE-2023-4402P3CRITICALCVSS 9.8≤ 1.1.02023-10-20
CVE-2023-4402 [CRITICAL] CWE-502 CVE-2023-4402: The Essential Blocks plugin for WordPress is vulnerable to PHP Object Injection in versions up to, a
The Essential Blocks plugin for WordPress is vulnerable to PHP Object Injection in versions up to, and including, 4.2.0 via deserialization of untrusted input in the get_products function. This allows unauthenticated attackers to inject a PHP Object. No POP chain is present in the vulnerable plugin. If a POP chain is present via an additional plugin
nvd
CVE-2023-4386P3HIGHCVSS 8.1≤ 1.1.02023-10-20
CVE-2023-4386 [HIGH] CWE-502 CVE-2023-4386: The Essential Blocks plugin for WordPress is vulnerable to PHP Object Injection in versions up to, a
The Essential Blocks plugin for WordPress is vulnerable to PHP Object Injection in versions up to, and including, 4.2.0 via deserialization of untrusted input in the get_posts function. This allows unauthenticated attackers to inject a PHP Object. No POP chain is present in the vulnerable plugin. If a POP chain is present via an additional plugin or the
nvd