CVE-2023-0159

Published: Feb 13, 2023

Modified: Aug 2, 2024

PUBLISHED

Description

The Extensive VC Addons for WPBakery page builder WordPress plugin before 1.9.1 does not validate a parameter passed to the php extract function when loading templates, allowing an unauthenticated attacker to override the template path to read arbitrary files from the hosts file system. This may be escalated to RCE using PHP filter chains.

Vendor	Product	Versions
Unknown	Extensive VC Addons for WPBakery page builder	affected `0 - < 1.9.1`

References

https://wpscan.com/vulnerability/239ea870-66e5-4754-952e-74d4dd60b809

exploit

vdb-entry

technical-description

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2023-0159

Description

Affected Products

References