CVE-2024-23512 - OpenCVE

Deserialization of Untrusted Data vulnerability in wpxpo ProductX – WooCommerce Builder & Gutenberg WooCommerce Blocks.This issue affects ProductX – WooCommerce Builder & Gutenberg WooCommerce Blocks: from n/a through 3.1.4.

Attack Vector Network

Attack Complexity High

Privileges Required None

Scope Changed

Confidentiality Impact High

Integrity Impact High

Availability Impact None

User Interaction None

No CVSS v3.0

No CVSS v2

Vendors & Products
CPE Configurations

No data.

No data.

References

Link	Resource
https://patchstack.com/database/vulnerability/product-blocks/wordpress-productx-plugin-3-1-4-php-object-injection-vulnerability?_s_id=cve

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: Patchstack

Published: 2024-02-12T08:22:30.384Z

Updated: 2024-02-12T08:22:30.384Z

Reserved: 2024-01-17T18:18:40.118Z

Link: CVE-2024-23512

JSON object: View

NVD Information

Status : Awaiting Analysis

Published: 2024-02-12T09:15:11.913

Modified: 2024-02-12T14:19:54.330

Link: CVE-2024-23512

JSON object: View

Redhat Information

No data.

CWE

CWE-502

{"dataType": "CVE_RECORD", "dataVersion": "5.0", "cveMetadata": {"cveId": "CVE-2024-23512", "assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3", "state": "PUBLISHED", "assignerShortName": "Patchstack", "dateReserved": "2024-01-17T18:18:40.118Z", "datePublished": "2024-02-12T08:22:30.384Z", "dateUpdated": "2024-02-12T08:22:30.384Z"}, "containers": {"cna": {"affected": [{"collectionURL": "https://wordpress.org/plugins", "defaultStatus": "unaffected", "packageName": "product-blocks", "product": "ProductX \u2013 WooCommerce Builder & Gutenberg WooCommerce Blocks", "vendor": "wpxpo", "versions": [{"changes": [{"at": "3.1.5", "status": "unaffected"}], "lessThanOrEqual": "3.1.4", "status": "affected", "version": "n/a", "versionType": "custom"}]}], "credits": [{"lang": "en", "type": "finder", "user": "00000000-0000-4000-9000-000000000000", "value": "Yudistira Arya (Patchstack Alliance)"}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "Deserialization of Untrusted Data vulnerability in wpxpo ProductX \u2013 WooCommerce Builder & Gutenberg WooCommerce Blocks.<p>This issue affects ProductX \u2013 WooCommerce Builder & Gutenberg WooCommerce Blocks: from n/a through 3.1.4.</p>"}], "value": "Deserialization of Untrusted Data vulnerability in wpxpo ProductX \u2013 WooCommerce Builder & Gutenberg WooCommerce Blocks.This issue affects ProductX \u2013 WooCommerce Builder & Gutenberg WooCommerce Blocks: from n/a through 3.1.4.\n\n"}], "metrics": [{"cvssV3_1": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 8.7, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-502", "description": "CWE-502 Deserialization of Untrusted Data", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "21595511-bba5-4825-b968-b78d1f9984a3", "shortName": "Patchstack", "dateUpdated": "2024-02-12T08:22:30.384Z"}, "references": [{"tags": ["vdb-entry"], "url": "https://patchstack.com/database/vulnerability/product-blocks/wordpress-productx-plugin-3-1-4-php-object-injection-vulnerability?_s_id=cve"}], "solutions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "Update to 3.1.5 or a higher version."}], "value": "Update to\u00a03.1.5 or a higher version."}], "source": {"discovery": "EXTERNAL"}, "title": "WordPress ProductX \u2013 Gutenberg WooCommerce Blocks Plugin <= 3.1.4 is vulnerable to PHP Object Injection", "x_generator": {"engine": "Vulnogram 0.1.0-dev"}}}}