What the vulnerability does
Description
Deserialization of Untrusted Data vulnerability in strongholdthemes Dental Care CPT dentalcare-cpt allows Object Injection. This issue affects Dental Care CPT: from n/a through <= 20.2.
CVSS base score
CVSS vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Explanation of Vulnerability in Simple Terms
Dental Care CPT versions 20.2 and earlier contain a deserialization vulnerability that allows authenticated attackers to execute arbitrary code on the site. The vulnerability exists in how the plugin processes untrusted serialized data without proper validation. An attacker with low-level site access can exploit this to gain full control of the WordPress installation.
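The unsafe pattern described above next to a hardened replacement, as an added PHP example that is not the plugin's code. The advisory does not publish the affected code path, so the function names, the `Probe` class and the sample settings payloads are hypothetical.

```php
<?php
// Added illustration; not code from Dental Care CPT. All names and the
// sample payloads below are hypothetical / constructed.

// Constructed stand-in for any class with a magic method loaded on the site.
final class Probe
{
    public static int $wakeups = 0;
    public function __wakeup(): void { self::$wakeups++; }
}

// Unsafe pattern: unserialize() on request-controlled input may instantiate
// any loaded class and run its magic methods (__wakeup, __destruct), which
// is what makes object injection possible.
function load_settings_unsafe(string $raw)
{
    return unserialize($raw);
}

// Hardened pattern: forbid object instantiation, then accept only a flat
// array of scalars. Objects in the input become __PHP_Incomplete_Class
// instances (the real class's magic methods never run) and are rejected.
function load_settings_safe(string $raw): ?array
{
    $data = @unserialize($raw, ['allowed_classes' => false]);
    if (!is_array($data)) {
        return null; // malformed input or not an array
    }
    foreach ($data as $value) {
        if (!is_scalar($value) && $value !== null) {
            return null; // nested array or object: reject the whole payload
        }
    }
    return $data;
}

$plain  = serialize(['color' => 'blue', 'per_page' => 10]); // constructed sample
$object = serialize(['widget' => new Probe()]);             // constructed sample

load_settings_unsafe($object);          // Probe::__wakeup() runs during this call
var_dump(Probe::$wakeups);              // counter shows the magic method fired
var_dump(load_settings_safe($object));  // payload containing an object is rejected
var_dump(load_settings_safe($plain));   // plain scalar settings are accepted
```

Where the stored format can be changed, `json_encode()`/`json_decode()` removes PHP object deserialization from the input path entirely.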
What an attacker can do
Run arbitrary code on the site and take full control of the WordPress installation.
Potential impact on your site
Complete site compromise: attackers can steal data, modify content, create admin accounts, or inject malware.
Conditions required to exploit
Attacker must have a low-level authenticated account (e.g., subscriber or contributor role).