CVE-2024-3070 in Last Viewed Posts Plugin

Summary

by MITRE • 05/14/2024

The Last Viewed Posts by WPBeginner plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.0.0 via deserialization of untrusted input from the LastViewedPosts Cookie. This makes it possible for unauthenticated attackers to inject a PHP Object. No known POP chain is present in the vulnerable plugin. If a POP chain is present via an additional plugin or theme installed on the target system, it could allow the attacker to delete arbitrary files, retrieve sensitive data, or execute code.

Reservation: 03/28/2024

Disclosure: 05/14/2024

Moderation: accepted

CPE: ready

EPSS: 0.01158

KEV: no

Activities: very low
