Unrated severityNVD Advisory· Published Feb 23, 2023· Updated Mar 12, 2025
CVE-2023-26326
CVE-2023-26326
Description
The BuddyForms WordPress plugin, in versions prior to 2.7.8, was affected by an unauthenticated insecure deserialization issue. An unauthenticated attacker could leverage this issue to call files using a PHAR wrapper that will deserialize the data and call arbitrary PHP Objects that can be used to perform a variety of malicious actions granted a POP chain is also present.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2<2.7.8+ 1 more
- (no CPE)range: <2.7.8
- (no CPE)range: < 2.7.8
Patches
Vulnerability mechanics
References
1News mentions
0No linked articles in our index yet.