Lucene search

PatchstackCVELIST:CVE-2024-43242

HistoryAug 19, 2024 - 5:09 p.m.

CVE-2024-43242 WordPress Indeed Ultimate Membership Pro plugin <= 12.6 - Unauthenticated PHP Object Injection vulnerability

2024-08-1917:09:19

CWE-502

Patchstack

www.cve.org

wordpress

ultimate membership pro

object injection

deserialization

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H

EPSS

0.001

Percentile

31.6%

JSON

Deserialization of Untrusted Data vulnerability in azzaroco Ultimate Membership Pro allows Object Injection.This issue affects Ultimate Membership Pro: from n/a through 12.6.

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "product": "Ultimate Membership Pro",
    "vendor": "azzaroco",
    "versions": [
      {
        "lessThanOrEqual": "12.6",
        "status": "affected",
        "version": "n/a",
        "versionType": "custom"
      }
    ]
  }
]

References

patchstack.com/database/vulnerability/indeed-membership-pro/wordpress-indeed-ultimate-membership-pro-plugin-12-6-unauthenticated-php-object-injection-vulnerability?_s_id=cve

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H

EPSS

0.001

Percentile

31.6%

JSON

Related for CVELIST:CVE-2024-43242