Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nvd[email protected]NVD:CVE-2024-5488
HistoryJul 09, 2024 - 6:15 a.m.

CVE-2024-5488

2024-07-0906:15:03
[email protected]
web.nvd.nist.gov
7
seopress
wordpress
rest api
vulnerability
object injection
unauthenticated attackers
gadget chains
site compromise

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

EPSS

0

Percentile

9.2%

JSON

The SEOPress WordPress plugin before 7.9 does not properly protect some of its REST API routes, which combined with another Object Injection vulnerability can allow unauthenticated attackers to unserialize malicious gadget chains, compromising the site if a suitable chain is present.

Related

cvelist 1
cve 1
vulnrichment 1
cvelist
cvelist
CVE-2024-5488 SEOPress < 7.9 - Unauthenticated Object Injection
2024-07-09 06:00:04
cve
cve
CVE-2024-5488
2024-07-09 06:15:03
vulnrichment
vulnrichment
CVE-2024-5488 SEOPress < 7.9 - Unauthenticated Object Injection
2024-07-09 06:00:04

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

EPSS

0

Percentile

9.2%

JSON
Related for NVD:CVE-2024-5488
cvelist1cve1vulnrichment1