The plugin sitebuilder-dynamic-components insecurely trusts serialized data submitted over AJAX requests. This opens up the site to a PHP object injection vulnerability potential exploit vector.
Attack is exploitable over AJAX calls sites with the sitebuilder-dynamic-components Plugin.
Robert R
No
2017-04-27 (about 6 years ago)
2017-05-21 (about 6 years ago)
2020-09-22 (about 2 years ago)