Vulnerability Summary for the Week of August 19, 2024

High Vulnerabilities

Primary
Vendor — Product
Description Published CVSS Score Source Info Patch Info
Liquid Web–GiveWP
 
Deserialization of Untrusted Data vulnerability in Liquid Web GiveWP allows Object Injection.This issue affects GiveWP: from n/a through 3.14.1. 2024-08-19 10 CVE-2024-37099 audit@patchstack.com
 
webdevmattcrom–GiveWP Donation Plugin and Fundraising Platform
 
The GiveWP – Donation Plugin and Fundraising Platform plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 3.14.1 via deserialization of untrusted input from the ‘give_title’ parameter. This makes it possible for unauthenticated attackers to inject a PHP Object. The additional presence of a POP chain allows attackers to execute code remotely, and to delete arbitrary files. 2024-08-20 10 CVE-2024-5932 security@wordfence.com
[…]
Content was cut in order to protect the source.Please visit the source for the rest of the article.

This article has been indexed from Bulletins

Read the original article: