Lucene search

PatchstackCVE-2024-37099

HistoryAug 19, 2024 - 5:15 p.m.

CVE-2024-37099

2024-08-1917:15:07

CWE-502

Patchstack

web.nvd.nist.gov

liquid web givewp

untrusted data

deserialization

vulnerability

object injection

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

AI Score

9.5

Confidence

High

EPSS

Percentile

9.5%

JSON

Deserialization of Untrusted Data vulnerability in Liquid Web GiveWP allows Object Injection.This issue affects GiveWP: from n/a through 3.14.1.

Affected configurations

Vulners

Vulnrichment

Node

liquid_webgivewpRange≤3.14.1wordpress

VendorProductVersionCPE
liquid_webgivewp*cpe:2.3:a:liquid_web:givewp:*:*:*:*:*:wordpress:*:*

Vendor	Product	Version	CPE
liquid_web	givewp	*	cpe:2.3:a:liquid_web:givewp::::::wordpress::*

CNA Affected

[
  {
    "collectionURL": "https://wordpress.org/plugins",
    "defaultStatus": "unaffected",
    "packageName": "give",
    "product": "GiveWP",
    "vendor": "Liquid Web",
    "versions": [
      {
        "changes": [
          {
            "at": "3.14.2",
            "status": "unaffected"
          }
        ],
        "lessThanOrEqual": "3.14.1",
        "status": "affected",
        "version": "n/a",
        "versionType": "custom"
      }
    ]
  }
]

References

patchstack.com/database/vulnerability/give/wordpress-givewp-plugin-3-14-1-unauthenticated-php-object-injection-vulnerability?_s_id=cve

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

AI Score

9.5

Confidence

High

EPSS

Percentile

9.5%

JSON

Related for CVE-2024-37099