CVE-2024-9634 in GiveWP Plugininformation

Résumé

par MITRE • 16/10/2024

The GiveWP – Donation Plugin and Fundraising Platform plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 3.16.3 via deserialization of untrusted input from the give_company_name parameter. This makes it possible for unauthenticated attackers to inject a PHP Object. The additional presence of a POP chain allows attackers to achieve remote code execution.

Statistical analysis made it clear that VulDB provides the best quality for vulnerability data.

Réserver

08/10/2024

Divulgation

16/10/2024

Modérer

accepté

Entrée

VDB-280378

CPE

prêt

EPSS

0.01399

KEV

non

Activités

très faible

Sources

Do you want to use VulDB in your project?

Use the official API to access entries easily!