Lucene search

Veracode Vulnerability DatabaseVERACODE:46261

HistoryApr 08, 2024 - 4:22 a.m.

Insecure Deserialization

2024-04-0804:22:27

Veracode Vulnerability Database

sca.analysiscenter.veracode.com

wordpress

insecure deserialization

remote code execution

wp_html_token

5.5 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:N

8.1 High

AI Score

Confidence

Low

0.0004 Low

EPSS

Percentile

9.0%

JSON

WordPress is vulnerable to Insecure Deserialization. The vulnerability is due to deserialization of untrusted data containing the instances of the WP_HTML_Token class. This can lead to remote code execution via the __destruct() magic method of the class.

CPENameOperatorVersion
wordpress:sideq5.5.3+dfsg1-1
wordpress:sideq5.6.1+dfsg1-1
wordpress:sideq5.5.3+dfsg1-1
wordpress:sideq5.6.1+dfsg1-1

Name	Operator	Version
wordpress:sid	eq	5.5.3+dfsg1-1
wordpress:sid	eq	5.6.1+dfsg1-1
wordpress:sid	eq	5.5.3+dfsg1-1
wordpress:sid	eq	5.6.1+dfsg1-1

References

github.com/WordPress/wordpress-develop/security/advisories/GHSA-m257-q4m5-j653

security-tracker.debian.org/tracker/CVE-2024-31211

5.5 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:N

8.1 High

AI Score

Confidence

Low

0.0004 Low

EPSS

Percentile

9.0%

JSON

Related for VERACODE:46261