WordPress Rencontre – Dating Site Plugin <= 3.11.1 is vulnerable to PHP Object Injection
CVE-2023-51470

9.9CRITICAL

Key Information:

Vendor: WordPress
Status: Rencontre – Dating Site
Vendor: CVE Published:; 29 December 2023

What is CVE-2023-51470?

A deserialization vulnerability exists in Rencontre – Dating Site created by Jacques Malgrange. This vulnerability allows for the injection of untrusted data, potentially leading to unauthorized access and manipulation of server resources. It affects all versions from n/a through 3.11.1, making it critical for users to review their implementations and apply necessary security measures to protect against exploitation.

Affected Version(s)

Rencontre – Dating Site <= 3.11.1

References

https://patchstack.com/database/vulnerability/rencontre/w...

vdb-entry

CVSS V3.1

Score:

9.9

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Dec 29, 2023
Vulnerability Reserved
Dec 20, 2023

Credit

Rafie Muhammad (Patchstack)