Lucene search

K
cve[email protected]CVE-2024-2006
HistoryMar 13, 2024 - 4:15 p.m.

CVE-2024-2006

2024-03-1316:15:30
web.nvd.nist.gov
16
wordpress
post grid
slider & carousel ultimate
plugin
vulnerability
cve-2024-2006
php object injection
authenticated attackers
contributor-level access
pop chain

8.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

9 High

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

15.5%

The Post Grid, Slider & Carousel Ultimate – with Shortcode, Gutenberg Block & Elementor Widget plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.6.7 via deserialization of untrusted input in the outpost_shortcode_metabox_markup function. This makes it possible for authenticated attackers, with contributor-level access and above, to inject a PHP Object. If a POP chain is present via an additional plugin or theme installed on the target system, it could allow the attacker to delete arbitrary files, retrieve sensitive data, or execute code.

Affected configurations

Vulners
Node
wpwaxpost_grid\,_slider_\&_carousel_ultimateRange1.6.7
VendorProductVersionCPE
wpwaxpost_grid\,_slider_\&_carousel_ultimate*cpe:2.3:a:wpwax:post_grid\,_slider_\&_carousel_ultimate:*:*:*:*:*:*:*:*

CNA Affected

[
  {
    "vendor": "wpwax",
    "product": "Post Grid, Slider & Carousel Ultimate – with Shortcode, Gutenberg Block & Elementor Widget",
    "versions": [
      {
        "version": "*",
        "status": "affected",
        "lessThanOrEqual": "1.6.7",
        "versionType": "semver"
      }
    ],
    "defaultStatus": "unaffected"
  }
]

8.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

9 High

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

15.5%

Related for CVE-2024-2006