Security Advisory

CVE-2021-24579

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2021-08-30 14:11:21

Last updated 2024-08-03 19:35:20

Assigner WPScan

State PUBLISHED

Description

The bt_bb_get_grid AJAX action of the Bold Page Builder WordPress plugin before 3.1.6 passes user input into the unserialize() function without any validation or sanitisation, which could lead to a PHP Object Injection. Even though the plugin did not contain a suitable gadget to fully exploit the issue, other installed plugins on the blog could allow such issue to be exploited and lead to RCE in some cases.

← Browse all CVEs View on cve.org ↗