CVE-2023-2288: Otter - Gutenberg Blocks < 2.2.6 - Author+ PHAR Deserialization
First published: Tue May 30 2023(Updated: )
The Otter WordPress plugin before 2.2.6 does not sanitize some user-controlled file paths before performing file operations on them. This leads to a PHAR deserialization vulnerability on PHP < 8.0 using the phar:// stream wrapper.
Credit: contact@wpscan.com contact@wpscan.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Themeisle Otter Blocks Wordpress | <2.2.6 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Frequently Asked Questions
What is the vulnerability ID of the Otter WordPress plugin issue?
The vulnerability ID is CVE-2023-2288.
What is the severity level of CVE-2023-2288?
The severity level of CVE-2023-2288 is high.
What is the description of CVE-2023-2288?
CVE-2023-2288 is a PHAR deserialization vulnerability in the Otter WordPress plugin before version 2.2.6, which allows remote attackers to execute arbitrary code.
How does CVE-2023-2288 impact PHP versions below 8.0?
CVE-2023-2288 leads to a PHAR deserialization vulnerability on PHP versions below 8.0 using the phar:// stream wrapper.
Is there a fix available for CVE-2023-2288?
Yes, upgrading to version 2.2.6 of the Otter WordPress plugin addresses the vulnerability CVE-2023-2288.
- collector/nvd-latest
- agent/type
- agent/softwarecombine
- agent/references
- agent/title
- agent/severity
- agent/weakness
- agent/description
- agent/first-publish-date
- agent/event
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/author
- agent/source
- agent/tags
- collector/nvd-api
- source/NVD
- agent/software-canonical-lookup
- agent/software-canonical-lookup-request
- collector/nvd-index
- vendor/themeisle
- canonical/themeisle otter blocks wordpress