CVE-2024-30229

WordPress Give plugin <= 3.4.2 - PHP Object Injection vulnerability

CVSS 8 HIGH · EPSS 0.6% · CWE-502
In short

The WordPress Give plugin has a flaw that allows attackers to inject malicious PHP objects by sending specially crafted serialized data. An attacker can exploit this to take control of the website or steal sensitive information.

Technical detail

A PHP object injection vulnerability in GiveWP <= 3.4.2 stems from unsafe deserialization of untrusted user-supplied data. An attacker can craft malicious serialized objects to execute arbitrary code with the privileges of the web server, potentially leading to remote code execution or data exfiltration.

Summary generated and translated by AI from the official description.
Deserialization of Untrusted Data vulnerability in StellarWP GiveWP give. This issue affects GiveWP: from n/a through <= 3.4.2.
CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H
Affected products
StellarWP · GiveWP
