Unrated severityNVD Advisory· Published Aug 30, 2021· Updated Aug 3, 2024
Bold Page Builder < 3.1.6 - PHP Object Injection
CVE-2021-24579
Description
The bt_bb_get_grid AJAX action of the Bold Page Builder WordPress plugin before 3.1.6 passes user input into the unserialize() function without any validation or sanitisation, which could lead to a PHP Object Injection. Even though the plugin did not contain a suitable gadget to fully exploit the issue, other installed plugins on the blog could allow such issue to be exploited and lead to RCE in some cases.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2- Range: <3.1.6
- Range: 3.1.6
Patches
Vulnerability mechanics
References
1- wpscan.com/vulnerability/08edce3f-2746-4886-8439-76e44ec76fa8mitrex_refsource_MISC
News mentions
0No linked articles in our index yet.