CVE-2024-9634 in GiveWP Pluginthông tin

Tóm tắt

Bởi MITRE • 16/10/2024

The GiveWP – Donation Plugin and Fundraising Platform plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 3.16.3 via deserialization of untrusted input from the give_company_name parameter. This makes it possible for unauthenticated attackers to inject a PHP Object. The additional presence of a POP chain allows attackers to achieve remote code execution.

Statistical analysis made it clear that VulDB provides the best quality for vulnerability data.

Đặt trước

08/10/2024

Tiết lộ

16/10/2024

Kiểm duyệt

được chấp nhận

EPSS

0.01399

KEV

không

Các hoạt động

rất thấp

Nguồn

Want to know what is going to be exploited?

We predict KEV entries!