CVEs-PoC/2021/CVE-2021-24579.md

### [CVE-2021-24579](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-24579)
![](https://img.shields.io/static/v1?label=Product&message=Bold%20Page%20Builder&color=blue)
![](https://img.shields.io/static/v1?label=Version&message=3.1.6%20&color=brightgreen)
![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-502%20Deserialization%20of%20Untrusted%20Data&color=brightgreen)

### Description

The bt_bb_get_grid AJAX action of the Bold Page Builder WordPress plugin before 3.1.6 passes user input into the unserialize() function without any validation or sanitisation, which could lead to a PHP Object Injection. Even though the plugin did not contain a suitable gadget to fully exploit the issue, other installed plugins on the blog could allow such issue to be exploited and lead to RCE in some cases.

### POC

#### Reference
- https://wpscan.com/vulnerability/08edce3f-2746-4886-8439-76e44ec76fa8

#### Github
- https://github.com/20142995/nuclei-templates