CVE-2023-7064
Vulnerability from cvelistv5
Published
2024-05-02 16:52
Modified
2024-08-02 08:50
Severity ?
EPSS score ?
Summary
The Shortcodes and extra features for Phlox theme plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 2.15.2 via deserialization of untrusted input from the vulnerable 'id' parameter in the 'auxin_template_control_importer' function. This makes it possible for authenticated attackers able to upload a separate PHAR payload as an image file to inject a PHP Object, though the action itself is available to subscribers. No POP chain is present in the vulnerable plugin. If a POP chain is present via an additional plugin or theme installed on the target system, it could allow the attacker to delete arbitrary files, retrieve sensitive data, or execute code.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | averta | Shortcodes and extra features for Phlox theme |
Version: * ≤ 2.15.2 |
|
{ containers: { adp: [ { affected: [ { cpes: [ "cpe:2.3:a:averta:shortcodes_and_extra_features_for_phlox_theme:*:*:*:*:*:wordpress:*:*", ], defaultStatus: "unknown", product: "shortcodes_and_extra_features_for_phlox_theme", vendor: "averta", versions: [ { lessThanOrEqual: "2.15.2", status: "affected", version: "0", versionType: "custom", }, ], }, ], metrics: [ { other: { content: { id: "CVE-2023-7064", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2024-05-02T18:02:47.829970Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-06-04T17:17:23.668Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, { providerMetadata: { dateUpdated: "2024-08-02T08:50:07.822Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://www.wordfence.com/threat-intel/vulnerabilities/id/f0882205-3037-4ada-9e44-ddd55d88fcb1?source=cve", }, { tags: [ "x_transferred", ], url: "https://wordpress.org/plugins/auxin-elements/", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { defaultStatus: "unaffected", product: "Shortcodes and extra features for Phlox theme", vendor: "averta", versions: [ { lessThanOrEqual: "2.15.2", status: "affected", version: "*", versionType: "semver", }, ], }, ], credits: [ { lang: "en", type: "finder", value: "Justin Gardner", }, { lang: "en", type: "finder", value: "Michael Brackett", }, ], descriptions: [ { lang: "en", value: "The Shortcodes and extra features for Phlox theme plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 2.15.2 via deserialization of untrusted input from the vulnerable 'id' parameter in the 'auxin_template_control_importer' function. This makes it possible for authenticated attackers able to upload a separate PHAR payload as an image file to inject a PHP Object, though the action itself is available to subscribers. No POP chain is present in the vulnerable plugin. If a POP chain is present via an additional plugin or theme installed on the target system, it could allow the attacker to delete arbitrary files, retrieve sensitive data, or execute code.", }, ], metrics: [ { cvssV3_1: { baseScore: 7.5, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, }, ], problemTypes: [ { descriptions: [ { description: "CWE-502 Deserialization of Untrusted Data", lang: "en", }, ], }, ], providerMetadata: { dateUpdated: "2024-05-02T16:52:50.526Z", orgId: "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", shortName: "Wordfence", }, references: [ { url: "https://www.wordfence.com/threat-intel/vulnerabilities/id/f0882205-3037-4ada-9e44-ddd55d88fcb1?source=cve", }, { url: "https://wordpress.org/plugins/auxin-elements/", }, ], timeline: [ { lang: "en", time: "2024-04-15T00:00:00.000+00:00", value: "Disclosed", }, ], }, }, cveMetadata: { assignerOrgId: "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", assignerShortName: "Wordfence", cveId: "CVE-2023-7064", datePublished: "2024-05-02T16:52:50.526Z", dateReserved: "2023-12-21T18:27:40.008Z", dateUpdated: "2024-08-02T08:50:07.822Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", "vulnerability-lookup:meta": { nvd: "{\"cve\":{\"id\":\"CVE-2023-7064\",\"sourceIdentifier\":\"security@wordfence.com\",\"published\":\"2024-05-02T17:15:08.847\",\"lastModified\":\"2024-11-21T08:45:10.193\",\"vulnStatus\":\"Awaiting Analysis\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"The Shortcodes and extra features for Phlox theme plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 2.15.2 via deserialization of untrusted input from the vulnerable 'id' parameter in the 'auxin_template_control_importer' function. This makes it possible for authenticated attackers able to upload a separate PHAR payload as an image file to inject a PHP Object, though the action itself is available to subscribers. No POP chain is present in the vulnerable plugin. If a POP chain is present via an additional plugin or theme installed on the target system, it could allow the attacker to delete arbitrary files, retrieve sensitive data, or execute code.\"},{\"lang\":\"es\",\"value\":\"El complemento Shortcodes and extra features for Phlox theme para WordPress son vulnerables a la inyección de objetos PHP en todas las versiones hasta la 2.15.2 incluida a través de la deserialización de entradas no confiables del parámetro vulnerable 'id' en la función 'auxin_template_control_importer'. Esto hace posible que los atacantes autenticados puedan cargar un payload PHAR separado como un archivo de imagen para inyectar un objeto PHP, aunque la acción en sí está disponible para los suscriptores. No hay ninguna cadena POP presente en el complemento vulnerable. Si hay una cadena POP presente a través de un complemento o tema adicional instalado en el sistema de destino, podría permitir al atacante eliminar archivos arbitrarios, recuperar datos confidenciales o ejecutar código.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"security@wordfence.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H\",\"baseScore\":7.5,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"HIGH\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":1.6,\"impactScore\":5.9}]},\"references\":[{\"url\":\"https://wordpress.org/plugins/auxin-elements/\",\"source\":\"security@wordfence.com\"},{\"url\":\"https://www.wordfence.com/threat-intel/vulnerabilities/id/f0882205-3037-4ada-9e44-ddd55d88fcb1?source=cve\",\"source\":\"security@wordfence.com\"},{\"url\":\"https://wordpress.org/plugins/auxin-elements/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://www.wordfence.com/threat-intel/vulnerabilities/id/f0882205-3037-4ada-9e44-ddd55d88fcb1?source=cve\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}]}}", }, }
Log in or create an account to share your comment.
Security Advisory comment format.
This schema specifies the format of a comment related to a security advisory.
Title of the comment
Description of the comment
Loading…
Loading…
Loading…
Sightings
Author | Source | Type | Date |
---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.