The wpDataTables WordPress plugin before 2.1.66 does not validate the "Serialized PHP array" input data before deserializing the data. This allows admins to deserialize arbitrary data which may lead to remote code execution if a suitable gadget chain is present on the server. This is impactful in environments where admin users should not be allowed to execute arbitrary code, such as multisite.
Metrics
Affected Vendors & Products
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: WPScan
Published: 2023-09-11T19:46:06.952Z
Updated: 2024-08-02T07:24:04.604Z
Reserved: 2023-08-11T19:07:52.418Z
Link: CVE-2023-4314
Vulnrichment
No data.
NVD
Status : Modified
Published: 2023-09-11T20:15:12.310
Modified: 2024-11-21T08:34:50.253
Link: CVE-2023-4314
Redhat
No data.