High severity7.5NVD Advisory· Published Feb 13, 2023· Updated Jun 17, 2026
CVE-2023-0159
CVE-2023-0159
Description
The Extensive VC Addons for WPBakery page builder WordPress plugin before 1.9.1 does not validate a parameter passed to the php extract function when loading templates, allowing an unauthenticated attacker to override the template path to read arbitrary files from the hosts file system. This may be escalated to RCE using PHP filter chains.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2- WordPress/Extensive VC Addons for WPBakery page builderdescription
- Range: <1.9.1
Patches
Vulnerability mechanics
References
1- wpscan.com/vulnerability/239ea870-66e5-4754-952e-74d4dd60b809nvdExploitThird Party Advisory
News mentions
0No linked articles in our index yet.