High Vulnerabilities
Primary Vendor — Product |
Description | Published | CVSS Score | Source Info | Patch Info |
---|---|---|---|---|---|
Liquid Web–GiveWP |
Deserialization of Untrusted Data vulnerability in Liquid Web GiveWP allows Object Injection.This issue affects GiveWP: from n/a through 3.14.1. | 2024-08-19 | 10 | CVE-2024-37099 | audit@patchstack.com |
webdevmattcrom–GiveWP Donation Plugin and Fundraising Platform |
The GiveWP – Donation Plugin and Fundraising Platform plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 3.14.1 via deserialization of untrusted input from the ‘give_title’ parameter. This makes it possible for unauthenticated attackers to inject a PHP Object. The additional presence of a POP chain allows attackers to execute code remotely, and to delete arbitrary files. | 2024-08-20 | 10 | CVE-2024-5932 | security@wordfence.com […] Content was cut in order to protect the source.Please visit the source for the rest of the article. This article has been indexed from Bulletins
Read the original article: Post navigation |