The joomsport_md_load AJAX action of the JoomSport WordPress plugin before 5.1.8, registered for both unauthenticated and unauthenticated users, unserialised user input from the shattr POST parameter, leading to a PHP Object Injection issue. Even though the plugin does not have a suitable gadget chain to exploit this, other installed plugins could, which might lead to more severe issues such as RCE
References
Link | Resource |
---|---|
https://wpscan.com/vulnerability/fb6c407c-713c-4e83-92ce-4e5f791be696 | Exploit Third Party Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: WPScan
Published: 2021-07-06T11:03:27
Updated: 2021-07-06T11:03:27
Reserved: 2021-01-14T00:00:00
Link: CVE-2021-24384
JSON object: View
NVD Information
Status : Analyzed
Published: 2021-07-06T11:15:08.777
Modified: 2021-07-09T11:38:24.567
Link: CVE-2021-24384
JSON object: View
Redhat Information
No data.
CWE