
CVE-2023-4971: CWE-502 Deserialization of Untrusted Data in Unknown Weaver Xtreme Theme Support

High
Published: Mon Oct 16 2023 (10/16/2023, 19:38:52 UTC)
Source: CVE
Vendor/Project: Unknown
Product: Weaver Xtreme Theme Support

Description

The Weaver Xtreme Theme Support WordPress plugin before 6.3.1 unserialises the content of an imported file, which could lead to PHP object injection issues when a high-privilege user imports a malicious file and a suitable gadget chain is present on the blog.

AI-Powered Analysis

Last updated: 06/21/2025, 21:58:19 UTC

Technical Analysis

CVE-2023-4971 is a high-severity vulnerability in the Weaver Xtreme Theme Support WordPress plugin in versions prior to 6.3.1. The root cause is deserialization of untrusted data (CWE-502) in the plugin's settings import: the content of the uploaded file is passed to PHP's unserialize() without restricting which classes may be instantiated. A serialized object token ("O:<len>:"ClassName":...") in that file instantiates any class the site can autoload and runs its magic methods (__wakeup on deserialization, __destruct when the object is released, plus __toString and others depending on how the value is later used). Those magic methods are the entry points of a PHP object injection gadget chain: with a suitable chain present in WordPress core, the active theme or another installed plugin, the import turns into arbitrary file writes or arbitrary PHP code execution. Without such a chain the bug is still unsafe, but its impact depends on what the site has loaded.

Exploitation needs an authenticated user with sufficient privileges to reach the import function (an administrator in a single-site install); no further user interaction is required beyond performing the import. The CVSS v3.1 base score of 7.2 reflects exactly that profile: network attack vector, low attack complexity, high privileges required, no user interaction, and high impact on confidentiality, integrity and availability (AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H). No public exploit was known at the time of analysis. The issue still warrants prompt patching: gadget chains for common PHP libraries and WordPress components are publicly catalogued, so the distance from "admin can import a file" to "admin can execute code on the web server" is short, and administrator credentials are a frequent target of credential stuffing and phishing.

Potential Impact

For European organizations running WordPress sites with the Weaver Xtreme Theme Support plugin installed, successful exploitation can mean full site compromise: data theft, defacement, installation of web shells or backdoors, or use of the web server as a pivot into the rest of the network. This matters most for sites that process customer data, e-commerce platforms, public-sector portals and media outlets. Because the attacker must already hold a high-privilege account, the realistic threat actors are malicious insiders and external attackers who have phished, guessed or reused an administrator password; the vulnerability converts that account takeover into code execution on the host, which is a much harder incident to contain. Arbitrary PHP execution can also be used to exfiltrate data or disrupt services, with the corresponding business-continuity and GDPR notification consequences.

Mitigation Recommendations

1. Upgrade the Weaver Xtreme Theme Support plugin to version 6.3.1 or later, where the import path no longer trusts serialized objects.
2. Restrict import functionality to the smallest set of trusted administrators and review import activity regularly; on multisite, note that network-level administrators can reach plugin settings pages across sites.
3. For any import or upload path your own code deserializes, validate the file before and after parsing: only accept the structure the feature actually needs (scalars and arrays for a settings export), and call unserialize() with the `allowed_classes => false` option (PHP 7.0 and later) so that object tokens become __PHP_Incomplete_Class instead of live instances. Better still, move the export format to JSON, which has no object-instantiation semantics. Note the PHP manual's caveat that untrusted input should not reach unserialize() even with allowed_classes set, because the parser itself has had memory-safety bugs.
4. Where a WAF sits in front of the site, rules that flag serialized-object tokens (`O:` / `C:` followed by a length and a quoted class name) in multipart upload bodies give an early warning, but treat them as detection rather than a fix: encoding and chunking can evade them.
5. Keep the number of administrator accounts minimal and enforce multi-factor authentication on all of them; since the attacker must already be an administrator, credential hygiene is the control that most reduces real-world exposure.
6. Monitor for imports performed outside expected change windows, for new or modified PHP files under the web root immediately after an import, and for PHP errors mentioning __PHP_Incomplete_Class or unserialize().
7. Consider runtime protection (RASP or PHP-level hooks) that can block or log deserialization of unexpected classes.
8. Train administrators not to import theme or settings files from untrusted sources, and to treat an exported settings file from a third party with the same suspicion as an executable.
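The following PHP script is an added example and not code from the Weaver Xtreme Theme Support plugin or from WPScan. It illustrates both the failure mode described in the Technical Analysis (an import file deserialized with a bare unserialize() call, so a serialized object instantiates a loaded class and fires its magic methods) and the hardened pattern from mitigation 3 (allowed_classes => false plus a post-parse check that rejects any object). The LogWriter class, the import_settings_* functions, and both serialized inputs are constructed for the demonstration; LogWriter only records what a real gadget would have done.

```php
<?php
// Added example, not code from the Weaver Xtreme Theme Support plugin.
// Contrasts the unsafe import pattern the advisory describes with a hardened
// version. LogWriter, import_settings_* and the sample payloads are hypothetical.

declare(strict_types=1);

// Stand-in for a gadget class: any class already loaded on the site whose magic
// method (__destruct, __wakeup, __toString, ...) acts on attacker-controlled
// properties. Here the "sink" only records what it would have done.
class LogWriter
{
    public static array $fired = [];
    public string $path = '';

    public function __destruct()
    {
        // A real gadget would do something like file_put_contents($this->path, ...) here.
        self::$fired[] = $this->path;
    }
}

// Constructed inputs (not real plugin exports).
// Benign: a settings array, which is what an import file is supposed to hold.
const BENIGN_IMPORT = 'a:2:{s:11:"theme_color";s:7:"#336699";s:7:"sidebar";a:1:{s:5:"width";i:300;}}';
// Malicious: same shape, but one value is an "O:" token naming a loaded class.
const MALICIOUS_IMPORT = 'a:1:{s:5:"extra";O:9:"LogWriter":1:{s:4:"path";s:19:"/var/www/html/x.php";}}';

// Vulnerable pattern: the uploaded file is unserialised as-is, so whoever can reach
// the import form gets to instantiate any class PHP can autoload.
function import_settings_vulnerable(string $raw): array
{
    $settings = @unserialize($raw);
    return is_array($settings) ? $settings : [];
}

// Hardened pattern: allowed_classes=false (PHP >= 7.0) turns every object token
// into __PHP_Incomplete_Class, so no __wakeup/__destruct of a real class runs;
// a post-check then rejects any object at all, because a settings import should
// contain only scalars and arrays.
function import_settings_hardened(string $raw): array
{
    $settings = @unserialize($raw, ['allowed_classes' => false]);
    if (!is_array($settings)) {
        throw new InvalidArgumentException('Import file is not a serialized settings array.');
    }
    array_walk_recursive($settings, static function ($value): void {
        if (is_object($value)) {
            throw new InvalidArgumentException('Import file contains serialized objects; rejected.');
        }
    });
    return $settings;
}

function demo(): array
{
    $out = [];

    // Vulnerable: the LogWriter instance lives inside the returned array; dropping
    // that array runs its __destruct with the attacker-chosen path.
    import_settings_vulnerable(MALICIOUS_IMPORT);
    $out['vulnerable_sink_fired_with'] = LogWriter::$fired;

    LogWriter::$fired = [];

    // Hardened: the same file is rejected and the sink never fires.
    try {
        import_settings_hardened(MALICIOUS_IMPORT);
        $out['hardened_malicious'] = 'accepted (should not happen)';
    } catch (InvalidArgumentException $e) {
        $out['hardened_malicious'] = $e->getMessage();
    }
    $out['hardened_sink_fired_with'] = LogWriter::$fired;

    // Hardened: a legitimate export still imports normally.
    $out['hardened_benign'] = import_settings_hardened(BENIGN_IMPORT);

    return $out;
}

print_r(demo());
```

Run it with `php import_demo.php` (any PHP 7.4 or 8.x CLI). In the vulnerable branch the recorded path shows that the attacker, not the plugin, chose what the destructor operated on; in the hardened branch the import is refused before any class method runs. Two caveats a practitioner should keep in mind: the capability and nonce checks WordPress plugins normally wrap around an import form do not help against this bug, because the advisory's attacker is already an administrator; and allowed_classes removes the object-injection primitive but still feeds attacker bytes to PHP's own parser, so for a format you control, json_decode($raw, true) is the safer long-term replacement.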


Technical Details

Data Version
5.1
Assigner Short Name
WPScan
Date Reserved
2023-09-14T18:46:15.120Z
CISA Enriched
true

Threat ID: 682d9847c4522896dcbf537b

Added to database: 5/21/2025, 9:09:27 AM

Last enriched: 6/21/2025, 9:58:19 PM

Last updated: 8/11/2025, 7:10:38 AM

Views: 20
