CVE-2023-4971
HIGHWeaver Xtreme Theme Support < 6.3.1 - Authenticated PHP Object Injection via Import File Deserialization
Title source: llmDescription
The Weaver Xtreme Theme Support WordPress plugin before 6.3.1 unserialises the content of an imported file, which could lead to PHP object injections issues when a high privilege user import a malicious file and a suitable gadget chain is present on the blog.
References (1)
Core 1
Core References
Exploit, Third Party Advisory exploit
vdb-entry
technical-description
https://wpscan.com/vulnerability/421194e1-6c3f-4972-8f3c-de1b9d2bcb13
Scores
CVSS v3
7.2
EPSS
0.0098
EPSS Percentile
57.5%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
CISA SSVC
Vulnrichment
Exploitation
poc
Automatable
no
Technical Impact
total
Details
CWE
CWE-502
Status
published
Products (1)
weavertheme/weaver_xtreme_theme_support
< 6.3.1
Published
Oct 16, 2023
Tracked Since
Feb 18, 2026