{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-05-10T23:05:21.900","vulnerabilities":[{"cve":{"id":"CVE-2023-51700","sourceIdentifier":"security-advisories@github.com","published":"2023-12-27T18:15:23.700","lastModified":"2024-11-21T08:38:38.180","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Unofficial Mobile BankID Integration for WordPress lets users employ Mobile BankID to authenticate themselves on your WordPress site. Prior to 1.0.1, WP-Mobile-BankID-Integration is affected by a vulnerability classified as a Deserialization of Untrusted Data vulnerability, specifically impacting scenarios where an attacker can manipulate the database. If unauthorized actors gain access to the database, they could exploit this vulnerability to execute object injection attacks. This could lead to unauthorized code execution, data manipulation, or data exfiltration within the WordPress environment.  Users of the plugin should upgrade to version 1.0.1 (or later), where the serialization and deserialization of OrderResponse objects have been switched out to an array stored as JSON.  A possible workaround for users unable to upgrade immediately is to enforce stricter access controls on the database, ensuring that only trusted and authorized entities can modify data. Additionally, implementing monitoring tools to detect unusual database activities could help identify and mitigate potential exploitation attempts.\n"},{"lang":"es","value":"La integración no oficial de Mobile BankID para WordPress permite a los usuarios emplear Mobile BankID para autenticarse en su sitio de WordPress. Antes de la versión 1.0.1, WP-Mobile-BankID-Integration se ve afectado por una vulnerabilidad clasificada como vulnerabilidad de deserialización de datos no confiables, que afecta específicamente escenarios en los que un atacante puede manipular la base de datos. Si actores no autorizados obtienen acceso a la base de datos, podrían aprovechar esta vulnerabilidad para ejecutar ataques de inyección de objetos. Esto podría dar lugar a la ejecución de código no autorizado, manipulación de datos o filtración de datos dentro del entorno de WordPress. Los usuarios del complemento deben actualizar a la versión 1.0.1 (o posterior), donde la serialización y deserialización de los objetos OrderResponse se cambiaron a una matriz almacenada como JSON. Una posible solución para los usuarios que no pueden actualizar inmediatamente es aplicar controles de acceso más estrictos a la base de datos, garantizando que solo las entidades autorizadas y de confianza puedan modificar los datos. Además, implementar herramientas de monitoreo para detectar actividades inusuales en la base de datos podría ayudar a identificar y mitigar posibles intentos de explotación."}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H","baseScore":6.4,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"HIGH","privilegesRequired":"HIGH","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":0.5,"impactScore":5.9},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":9.8,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":5.9}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-502"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:jamieblomerus:unofficial_mobile_bankid_integration:*:*:*:*:*:wordpress:*:*","versionEndExcluding":"1.0.1","matchCriteriaId":"4BC13A72-3F9F-43DA-8F3B-1E8A6BFD42CF"}]}]}],"references":[{"url":"https://github.com/jamieblomerus/WP-Mobile-BankID-Integration/commit/8251c6298a995ccf4f26c43f03ed11a275dd0c5f","source":"security-advisories@github.com","tags":["Patch"]},{"url":"https://github.com/jamieblomerus/WP-Mobile-BankID-Integration/security/advisories/GHSA-pqwp-qrp7-grg4","source":"security-advisories@github.com","tags":["Vendor Advisory"]},{"url":"https://github.com/jamieblomerus/WP-Mobile-BankID-Integration/commit/8251c6298a995ccf4f26c43f03ed11a275dd0c5f","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch"]},{"url":"https://github.com/jamieblomerus/WP-Mobile-BankID-Integration/security/advisories/GHSA-pqwp-qrp7-grg4","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"]}]}}]}