EUVD-2024-26172

🗓️ 03 Oct 2025 20:07:09Reported by EUVDType

Deserialization of Untrusted Data vulnerability in Themefic Tourfic affects versions up to 2.11.17

Reporter	Title	Published	Views	Family All 13
Circl	CVE-2024-29136	19 Mar 202415:27	–	circl
CNNVD	WordPress Plugin Tourfic Code Issue Vulnerability	19 Mar 202400:00	–	cnnvd
CVE	CVE-2024-29136	19 Mar 202413:48	–	cve
Cvelist	CVE-2024-29136 WordPress Tourfic plugin <= 2.11.17 - PHP Object Injection vulnerability	19 Mar 202413:48	–	cvelist
NVD	CVE-2024-29136	19 Mar 202414:15	–	nvd
OSV	CVE-2024-29136	19 Mar 202414:15	–	osv
Patchstack	WordPress Tourfic Plugin <= 2.11.17 is vulnerable to PHP Object Injection	18 Mar 202400:00	–	patchstack
Positive Technologies	PT-2024-22755 · Unknown · Themefic Tourfic	19 Mar 202400:00	–	ptsecurity
RedhatCVE	CVE-2024-29136	5 Feb 202508:08	–	redhatcve
VulnCheck KEV	VulnCheck KEV: CVE-2024-29136	18 Mar 202400:00	–	vulncheck_kev

[
  {
    "enisaIdVendor": [
      {
        "id": "373e72ea-a1dd-375d-b8a1-5568d0692fbb",
        "vendor": {
          "name": "Themefic"
        }
      }
    ],
    "enisaIdProduct": [
      {
        "id": "4e8b8f9b-7b21-3e6c-a646-472e8cb9cb5f",
        "product": {
          "name": "Tourfic"
        },
        "product_version": "n/a ≤2.11.17"
      },
      {
        "id": "5bf7ada7-51fd-39b1-bc4e-86eb78bf2f0f",
        "product": {
          "name": "Tourfic"
        }
      }
    ]
  }
]

Source	Link
patchstack	www.patchstack.com/database/vulnerability/tourfic/wordpress-tourfic-plugin-2-11-17-php-object-injection-vulnerability

03 Oct 2025 20:07Current

8.8High risk

Vulners AI Score8.8

CVSS 3.18.5 - 8.8

EPSS0.00483

SSVC