Vulnerability in Extensive VC Addons for WPBakery Page Builder

CVE-2023-0159

The Extensive VC Addons for WPBakery page builder WordPress plugin before 1.9.1 does not validate a parameter passed to the PHP extract function when loading templates, allowing an unauthenticated attacker to override the template path to…

EPSS: 0.927 (99.8th percentile)

Affected products

  • Unknown Extensive VC Addons for WPBakery Page Builder — versions 0

Frequently asked questions

What is CVE-2023-0159?
CVE-2023-0159 is a vulnerability in Extensive VC Addons for WPBakery Page Builder, classified under CWE-94: Improper Control of Generation of Code ('Code Injection'). Published 2023-02-13.

Is CVE-2023-0159 known to be exploited?
9 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.