CVE-2023-1347

7.2 HIGH

📋 TL;DR

Versions of the Customizer Export/Import WordPress plugin before 0.9.6 pass user-supplied input to PHP's unserialize() without restricting which classes may be instantiated. A user with administrator-level access can therefore perform PHP Object Injection; if a suitable gadget chain exists elsewhere on the site (another plugin, the theme, or core), that becomes arbitrary code execution and complete site compromise. Only WordPress sites running a vulnerable version of this plugin are affected.

💻 Affected Systems

Products:
  • WordPress Customizer Export/Import Plugin
Versions: Versions before 0.9.6
Operating Systems: All
Default Config Vulnerable: ⚠️ Yes
Notes: Requires admin-level access to exploit. WordPress multisite installations may have different privilege requirements.

📦 What is this software?

Customizer Export/Import adds Export and Import controls to the WordPress Customizer so that theme settings (theme mods and options) can be saved to a file on one site and loaded on another. The import side, which parses a user-supplied file, is where the unsafe deserialization behind this CVE lives.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Remote code execution as the web-server user, leading to complete server compromise, data theft, malware installation, or site defacement.

🟠 Likely Case

An attacker who already holds (or has phished) an admin account escapes the WordPress permission model and runs arbitrary PHP in the site's context, or manipulates site data. Without a usable gadget chain the impact is limited to whatever the instantiated classes' magic methods do.

🟢 If Mitigated

Once the plugin is updated or deactivated, the unserialize path is gone. With admin accounts limited to trusted people and protected by MFA, the residual risk is a rogue or compromised administrator.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ✅ No
Complexity: LOW

Exploitation requires an admin account and a suitable PHP gadget chain loaded on the target site; the vulnerable plugin supplies only the unserialize() call that instantiates attacker-chosen classes. Exploit details are public in the security advisory linked below.
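The gadget-chain requirement and the shape of the fix, as an added PHP illustration that is not the plugin's own code: a stand-in gadget class whose __wakeup() writes a file, a vulnerable import that calls unserialize() on the raw upload, and a hardened import that passes allowed_classes => false and then type-checks the result. The class name DemoGadget, the function names and the temp-file path are assumptions made for the demo; it needs PHP 8 or later.

```php
<?php
// Added illustration of the bug class behind CVE-2023-1347. This is NOT the
// Customizer Export/Import plugin's code: the gadget class, the payload and
// the temp-file path are constructed for the demo. Run with: php demo.php
declare(strict_types=1);

// Stand-in gadget. In a real attack the class comes from whatever else is
// loaded on the site (another plugin, the theme, core); the vulnerable plugin
// only provides the unserialize() call that instantiates it.
final class DemoGadget
{
    public string $path = '';
    public string $content = '';

    // unserialize() invokes __wakeup() on every object it reconstructs,
    // before the caller ever sees the result.
    public function __wakeup(): void
    {
        file_put_contents($this->path, $this->content);
    }
}

// Vulnerable pattern: whatever bytes arrive in the "export" file are trusted.
function import_vulnerable(string $raw): mixed
{
    return @unserialize($raw);
}

// Hardened pattern: forbid every class, so nothing is instantiated and no
// magic method runs. Objects in the input degrade to __PHP_Incomplete_Class,
// which then fails the type check because a genuine export is a plain array.
function import_hardened(string $raw): ?array
{
    $data = @unserialize($raw, ['allowed_classes' => false]);
    return is_array($data) ? $data : null;
}

// Constructed payload, shaped like what an admin-level attacker would upload.
$target = sys_get_temp_dir() . '/cei_demo_' . getmypid() . '.txt';
$gadget = new DemoGadget();
$gadget->path = $target;
$gadget->content = "written by DemoGadget::__wakeup\n";
$payload = serialize($gadget);
// $payload starts with O:10:"DemoGadget":2:{ ... }, the "O:" object token
// that the detection section keys on.

import_vulnerable($payload);
printf("vulnerable import: gadget file exists = %s\n",
    var_export(file_exists($target), true));
@unlink($target);

$result = import_hardened($payload);
printf("hardened import:   gadget file exists = %s, import accepted = %s\n",
    var_export(file_exists($target), true),
    var_export($result !== null, true));

// A genuine export (a serialized array of settings) still imports under the
// hardened path, so the fix costs nothing functionally.
$benign = serialize(['template' => 'twentytwentythree', 'mods' => ['blogname' => 'Demo']]);
printf("hardened import of a real-shaped export accepted = %s\n",
    var_export(import_hardened($benign) !== null, true));
```

The point to take from the run: the vulnerable path writes the file before import_vulnerable() even returns, because the side effect lives in __wakeup(), not in the plugin's own logic. Whether that side effect is a harmless log line or a webshell depends entirely on which classes happen to be loaded, which is why the advisory's "suitable gadget chain" condition matters and why blocking class instantiation at the unserialize() call is the correct fix rather than validating the result afterwards.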

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 0.9.6

Advisory (WPScan): https://wpscan.com/vulnerability/356a5977-c90c-4fc6-98ed-032d5b27f272

Restart Required: No

Instructions:

1. Log into the WordPress admin panel.
2. Navigate to Plugins → Installed Plugins.
3. Find 'Customizer Export/Import'.
4. Click 'Update Now' if offered, or manually update to version 0.9.6 or later (WP-CLI can perform the same update).
5. Verify that the installed version now reads 0.9.6 or higher.

🔧 Temporary Workarounds

Disable Plugin

all

Temporarily disable the vulnerable plugin until patching is possible.

wp plugin deactivate customizer-export-import

Restrict Admin Access

all

Reduce administrator accounts to the minimum, enforce MFA on the ones that remain, and review existing admin users for accounts that should not be there.

🧯 If You Can't Patch

  • Remove admin privileges from anyone who does not need them and apply least privilege to the remaining accounts; an attacker needs an admin session to reach the vulnerable code.
  • Add a WAF rule that blocks uploads to the Customizer containing serialized PHP object tokens (O:<len>:"<class>": or C:<len>:"<class>":). Do not block serialized data outright: a legitimate export is itself serialized PHP, but as an array (it starts with a:), not an object.

🔍 How to Verify

Check if Vulnerable:

Check WordPress admin panel → Plugins → Customizer Export/Import → Version. If version is below 0.9.6, system is vulnerable.

Check Version:

wp plugin get customizer-export-import --field=version

Verify Fix Applied:

Confirm plugin version is 0.9.6 or higher in WordPress admin panel.

📡 Detection & Monitoring

Log Indicators:

  • Unusual admin activity; POST requests to the Customizer or plugin endpoints whose body carries serialized data with O: or C: object tokens; files written by the PHP worker outside the normal upload paths; processes spawned by the PHP-FPM or web-server user.

Network Indicators:

  • HTTP requests carrying serialized PHP objects to /wp-admin/customize.php (the Customizer, where this plugin's controls live), /wp-admin/admin-ajax.php, or other plugin-specific endpoints.

SIEM Query:

source="wordpress" AND http_method="POST" AND (uri_path="*customiz*" OR plugin="customizer-export-import") AND (content="*O:*" OR content="*C:*")

In most query languages AND binds tighter than OR, so the ungrouped form of this query let content="*C:*" match on its own regardless of method or path; the parentheses above restore the intended logic. The *O:* and *C:* wildcards are deliberately broad and will also hit text such as INFO:, PROTO: or Windows paths like C:\; where the SIEM supports regular expressions, tighten the match to the token shape O:<digits>:"<class>": or C:<digits>:"<class>":.
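A triage helper for the two sections that deal with serialized payloads ("If You Can't Patch" and this one), added here and not part of the plugin or of any WAF/SIEM product: a regex that matches real object tokens rather than any "O:" substring, and a structural check that parses the payload with every class forbidden and reports which classes the attacker asked for. The function names and the sample request bodies are constructed for the example; it needs PHP 8 or later.

```php
<?php
// Added triage helper for the "If You Can't Patch" and "Detection & Monitoring"
// sections. Not part of the plugin or of any WAF/SIEM product; the sample
// request bodies below are constructed. Run with: php triage.php
declare(strict_types=1);

/**
 * Fast textual check, suitable for porting to a WAF or SIEM rule.
 * A genuine Customizer export is a serialized array (it starts with "a:"), so
 * the signal is an object token: O:<len>:"<class>": or C:<len>:"<class>":.
 * The lookbehind stops "O:" inside ordinary text (INFO:, PROTO:, ...) from
 * matching. "O:" inside a serialized string value can still match, which is
 * acceptable for alerting but is a reason not to hard-block on this alone.
 */
function serialized_object_tokens(string $body): array
{
    $re = '/(?<![A-Za-z0-9_])([OC]):(\d+):"([A-Za-z0-9_\\\\]+)":/';
    preg_match_all($re, $body, $m, PREG_SET_ORDER);
    $tokens = [];
    foreach ($m as $hit) {
        $tokens[] = $hit[1] . ':' . $hit[3];   // e.g. "O:Acme\Logger"
    }
    return $tokens;
}

/**
 * Structural check, safe to run on the live payload: parse it with every
 * class forbidden (so no constructor, __wakeup or __destruct can run) and
 * walk the result for __PHP_Incomplete_Class placeholders. Each placeholder
 * records the class the attacker asked for, i.e. the gadget to look up.
 * Shown for the standard O: format; C: (custom serialization) is left to
 * the regex path.
 */
function requested_classes(string $body): array
{
    $data = @unserialize($body, ['allowed_classes' => false]);
    $found = [];
    collect_incomplete_classes($data, $found);
    return $found;
}

function collect_incomplete_classes(mixed $value, array &$found): void
{
    if (is_object($value) && get_class($value) === '__PHP_Incomplete_Class') {
        // Casting the placeholder to an array exposes the requested class name
        // alongside the object's properties, which may hold nested objects.
        $props = (array) $value;
        $found[] = (string) $props['__PHP_Incomplete_Class_Name'];
        unset($props['__PHP_Incomplete_Class_Name']);
        $value = $props;
    }
    if (is_array($value)) {
        foreach ($value as $child) {
            collect_incomplete_classes($child, $found);
        }
    }
}

// Constructed samples. The class names are placeholders, not real gadgets.
$samples = [
    'genuine export'         => 'a:2:{s:8:"template";s:17:"twentytwentythree";s:4:"mods";a:1:{s:8:"blogname";s:4:"Demo";}}',
    'top-level object'       => 'O:11:"Acme\\Logger":1:{s:4:"file";s:10:"/tmp/x.php";}',
    'object nested in array' => 'a:1:{s:4:"mods";a:1:{s:7:"payload";O:10:"Evil\\Cache":0:{}}}',
    'custom-serialized'      => 'C:10:"Some\\Class":0:{}',
    'benign text with O:'    => 'a:1:{s:3:"msg";s:25:"INFO:12:"hello":  not PHP";}',
];

foreach ($samples as $label => $body) {
    printf("%-24s regex=%-22s structural=%s\n",
        $label,
        json_encode(serialized_object_tokens($body)),
        json_encode(requested_classes($body)));
}
```

Use the regex form for the WAF or SIEM rule and the structural form during incident triage: the first is cheap and portable, the second never executes attacker-controlled classes and gives you the exact class names to search for in the site's installed plugins and themes when deciding whether a usable gadget was actually present.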
