Lucene search

PatchstackCVELIST:CVE-2024-39636

HistoryAug 01, 2024 - 9:24 p.m.

CVE-2024-39636 WordPress Better Find and Replace plugin <= 1.6.1 - PHP Object Injection vulnerability

2024-08-0121:24:14

CWE-502

Patchstack

www.cve.org

wordpress

better find and replace

php object injection

deserialization

codesolz

CVSS3

8.3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H

EPSS

Percentile

9.4%

JSON

Deserialization of Untrusted Data vulnerability in CodeSolz Better Find and Replace.This issue affects Better Find and Replace: from n/a through 1.6.1.

CNA Affected

[
  {
    "collectionURL": "https://wordpress.org/plugins",
    "defaultStatus": "unaffected",
    "packageName": "real-time-auto-find-and-replace",
    "product": "Better Find and Replace",
    "vendor": "CodeSolz",
    "versions": [
      {
        "changes": [
          {
            "at": "1.6.2",
            "status": "unaffected"
          }
        ],
        "lessThanOrEqual": "1.6.1",
        "status": "affected",
        "version": "n/a",
        "versionType": "custom"
      }
    ]
  }
]

References

patchstack.com/database/vulnerability/real-time-auto-find-and-replace/wordpress-better-find-and-replace-plugin-1-6-1-php-object-injection-vulnerability?_s_id=cve

CVSS3

8.3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H

EPSS

Percentile

9.4%

JSON

Related for CVELIST:CVE-2024-39636