CVE-2023-34027 - OpenCVE

Deserialization of Untrusted Data vulnerability in Rajnish Arora Recently Viewed Products.This issue affects Recently Viewed Products: from n/a through 1.0.0.

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

Vendors & Products
CPE Configurations

Vendors	Products
Rajarora795	Recently Viewed Products

Configuration 1 [-]

cpe:2.3:a:rajarora795:recently_viewed_products:*:*:*:*:*:wordpress:*:*

References

Link	Resource
https://patchstack.com/database/vulnerability/recently-viewed-products/wordpress-recently-viewed-products-plugin-1-0-0-php-object-injection-vulnerability?_s_id=cve	Third Party Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: Patchstack

Published: 2023-12-19T19:44:44.362Z

Updated: 2023-12-19T19:44:44.362Z

Reserved: 2023-05-25T12:13:20.690Z

Link: CVE-2023-34027

JSON object: View

NVD Information

Status : Analyzed

Published: 2023-12-19T20:15:07.140

Modified: 2023-12-28T19:56:15.877

Link: CVE-2023-34027

JSON object: View

Redhat Information

No data.

CWE

CWE-502

{"dataType": "CVE_RECORD", "dataVersion": "5.0", "cveMetadata": {"cveId": "CVE-2023-34027", "assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3", "state": "PUBLISHED", "assignerShortName": "Patchstack", "dateReserved": "2023-05-25T12:13:20.690Z", "datePublished": "2023-12-19T19:44:44.362Z", "dateUpdated": "2023-12-19T19:44:44.362Z"}, "containers": {"cna": {"affected": [{"collectionURL": "https://wordpress.org/plugins", "defaultStatus": "unaffected", "packageName": "recently-viewed-products", "product": "Recently Viewed Products", "vendor": "Rajnish Arora", "versions": [{"lessThanOrEqual": "1.0.0", "status": "affected", "version": "n/a", "versionType": "custom"}]}], "credits": [{"lang": "en", "type": "finder", "user": "00000000-0000-4000-9000-000000000000", "value": "Mika (Patchstack Alliance)"}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "Deserialization of Untrusted Data vulnerability in Rajnish Arora Recently Viewed Products.<p>This issue affects Recently Viewed Products: from n/a through 1.0.0.</p>"}], "value": "Deserialization of Untrusted Data vulnerability in Rajnish Arora Recently Viewed Products.This issue affects Recently Viewed Products: from n/a through 1.0.0.\n\n"}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 8.3, "baseSeverity": "HIGH", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-502", "description": "CWE-502 Deserialization of Untrusted Data", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "21595511-bba5-4825-b968-b78d1f9984a3", "shortName": "Patchstack", "dateUpdated": "2023-12-19T19:44:44.362Z"}, "references": [{"tags": ["vdb-entry"], "url": "https://patchstack.com/database/vulnerability/recently-viewed-products/wordpress-recently-viewed-products-plugin-1-0-0-php-object-injection-vulnerability?_s_id=cve"}], "source": {"discovery": "EXTERNAL"}, "title": "WordPress Recently Viewed Products Plugin <= 1.0.0 is vulnerable to PHP Object Injection", "x_generator": {"engine": "Vulnogram 0.1.0-dev"}}}}