Filtered by vendor Kutethemes Subscriptions
Filtered by product Ovic Responsive Wpbakery Subscriptions
Total 1 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2023-5235 1 Kutethemes 1 Ovic Responsive Wpbakery 2024-11-14 8.8 High
The Ovic Responsive WPBakery WordPress plugin before 1.2.9 does not limit which options can be updated via some of its AJAX actions, which may allow attackers with a subscriber+ account to update blog options, such as 'users_can_register' and 'default_role'. It also unserializes user input in the process, which may lead to Object Injection attacks.