exploitDog

CVE-2024-3591

Опубликовано: 01 мая 2024

Источник: nvd

CVSS3: 6.5

EPSS Низкий

Описание

The Geo Controller WordPress plugin before 8.6.5 unserializes user input via some of its AJAX actions and REST API routes, which could allow unauthenticated users to perform PHP Object Injection when a suitable gadget is present on the blog.

Ссылки

https://wpscan.com/vulnerability/f85d8b61-eaeb-433c-b857-06ee4db5c7d5/
Exploit
Third Party Advisory
https://wpscan.com/vulnerability/f85d8b61-eaeb-433c-b857-06ee4db5c7d5/
Exploit
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:infinitumform:geo_controller:*:*:*:*:*:wordpress:*:*

Версия до 8.6.5 (исключая)

EPSS

Процентиль: 61%

0.00411

Низкий

6.5 Medium

CVSS3

Дефекты

CWE-502

Связанные уязвимости

GHSA-j9wj-h588-6g73

CVSS3: 6.5

github

почти 2 года назад

The Geo Controller WordPress plugin before 8.6.5 unserializes user input via some of its AJAX actions and REST API routes, which could allow unauthenticated users to perform PHP Object Injection when a suitable gadget is present on the blog.

EPSS

Процентиль: 61%

0.00411

Низкий

6.5 Medium

CVSS3

Дефекты

CWE-502