cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,poc,trended,trended_no_1,published,trended_score
CVE-2023-4386,https://securityvulnerability.io/vulnerability/CVE-2023-4386,PHP Object Injection Vulnerability in Essential Blocks Plugin for WordPress,"The Essential Blocks plugin for WordPress is susceptible to PHP Object Injection due to insecure deserialization of untrusted input in the get_posts function. Attackers who are not authenticated can potentially inject a PHP Object, exploiting the vulnerability in versions up to and including 4.2.0. While the plugin does not inherently possess a property-oriented programming (POP) chain, the presence of such a chain through additional plugins or themes could enable attackers to carry out harmful activities, including modifying or deleting files and accessing sensitive information.",Wordpress,"Essential Blocks Pro,Essential Blocks – Page Builder Gutenberg Blocks, Patterns & Templates",8.1,HIGH,0.004209999926388264,false,,false,false,false,,false,false,2023-10-20T08:15:00.000Z,0
CVE-2023-4402,https://securityvulnerability.io/vulnerability/CVE-2023-4402,PHP Object Injection Vulnerability in Essential Blocks Plugin for WordPress,"The Essential Blocks plugin for WordPress is susceptible to PHP Object Injection due to deserialization of untrusted input within the get_products function. This vulnerability affects versions up to and including 4.2.0. Unauthenticated attackers can exploit this flaw to inject PHP objects, leading to potential risks when a dangerous property-oriented programming (POP) chain is present via other plugins or themes. Such exploitation could permit attackers to delete files, access sensitive information, or execute malicious code.",Wordpress,"Essential Blocks Pro,Essential Blocks – Page Builder Gutenberg Blocks, Patterns & Templates",9.8,CRITICAL,0.002300000051036477,false,,false,false,false,,false,false,2023-10-20T07:15:00.000Z,0