Lucene search

WordfenceVULNRICHMENT:CVE-2024-5932

HistoryAug 20, 2024 - 2:03 a.m.

CVE-2024-5932 GiveWP – Donation Plugin and Fundraising Platform <= 3.14.1 - Unauthenticated PHP Object Injection to Remote Code Execution

2024-08-2002:03:16

CWE-502

Wordfence

github.com

cve-2024-5932

givewp

donation plugin

fundraising platform

unauthenticated

php object injection

remote code execution

wordpress

vulnerable

deserialization

pop chain

attackers

arbitrary files

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

AI Score

7.7

Confidence

High

EPSS

0.639

Percentile

97.9%

SSVC

Exploitation

poc

Automatable

yes

Technical Impact

total

JSON

The GiveWP – Donation Plugin and Fundraising Platform plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 3.14.1 via deserialization of untrusted input from the ‘give_title’ parameter. This makes it possible for unauthenticated attackers to inject a PHP Object. The additional presence of a POP chain allows attackers to execute code remotely, and to delete arbitrary files.

CNA Affected

[
  {
    "vendor": "webdevmattcrom",
    "product": "GiveWP – Donation Plugin and Fundraising Platform",
    "versions": [
      {
        "status": "affected",
        "version": "*",
        "versionType": "semver",
        "lessThanOrEqual": "3.14.1"
      }
    ],
    "defaultStatus": "unaffected"
  }
]

ADP Affected

[
  {
    "cpes": [
      "cpe:2.3:a:givewp:givewp:*:*:*:*:*:wordpress:*:*"
    ],
    "vendor": "givewp",
    "product": "givewp",
    "versions": [
      {
        "status": "affected",
        "version": "0",
        "versionType": "semver",
        "lessThanOrEqual": "3.14.1"
      }
    ],
    "defaultStatus": "unaffected"
  }
]

References

plugins.trac.wordpress.org/browser/give/tags/3.12.0/includes/login-register.php#L235

plugins.trac.wordpress.org/browser/give/tags/3.12.0/includes/process-donation.php#L420

plugins.trac.wordpress.org/browser/give/tags/3.12.0/src/DonorDashboards/Tabs/EditProfileTab/AvatarRoute.php#L51

plugins.trac.wordpress.org/browser/give/tags/3.12.0/vendor/tecnickcom/tcpdf/tcpdf.php#L7861

plugins.trac.wordpress.org/browser/give/tags/3.12.0/vendor/vendor-prefixed/fakerphp/faker/src/Faker/ValidGenerator.php#L80

plugins.trac.wordpress.org/changeset/3132247/

www.wordfence.com/blog/2024/08/4998-bounty-awarded-and-100000-wordpress-sites-protected-against-unauthenticated-remote-code-execution-vulnerability-patched-in-givewp-wordpress-plugin/

www.wordfence.com/threat-intel/vulnerabilities/id/93e2d007-8157-42c5-92ad-704dc80749a3?source=cve