Unauthenticated PHP Object Injection Vulnerability in Print Science Designer Plugin
CVE-2024-12312
8.1 HIGH
Summary
The Print Science Designer plugin for WordPress is vulnerable to PHP Object Injection in all versions up to and including 1.3.152. The plugin deserializes untrusted input from the 'designer-saved-projects' cookie, which allows unauthenticated attackers to inject a PHP object. No known property-oriented programming (POP) chain exists in the vulnerable software itself, but if an additional plugin or theme installed on the site provides one, attackers could delete arbitrary files, access sensitive information, or execute malicious code.
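A detection sketch for the condition described above, added here as an example and not taken from the plugin or the advisory: it inspects the 'designer-saved-projects' cookie in a Cookie header and reports any class names that PHP's unserialize() would try to instantiate. It assumes the cookie carries URL-encoded serialize() output and that legitimate values hold only arrays and scalars; the function names and sample headers are constructed.

```python
import re
from urllib.parse import quote, unquote_plus

COOKIE_NAME = "designer-saved-projects"  # cookie named in the advisory

# PHP serialize() writes objects as O:<len>:"<Class>":<count>:{ and Serializable
# objects as C:<len>:"<Class>":<len>:{ . Arrays (a:), strings (s:) and integers
# (i:) carry no class name, so they cannot instantiate a class on unserialize().
OBJECT_TOKEN = re.compile(r'(?:^|[;{])[OC]:\d+:"([^"]+)":\d+:\{')


def cookie_value(cookie_header, name=COOKIE_NAME):
    """Return the URL-decoded value of one cookie from a Cookie header, or None."""
    for part in cookie_header.split(";"):
        key, sep, value = part.strip().partition("=")
        if sep and key == name:
            return unquote_plus(value)
    return None


def injected_classes(cookie_header):
    """List class names found in object tokens inside the monitored cookie.

    Assumption: a legitimate cookie never contains serialized objects, so any
    hit is worth alerting on or blocking at the proxy/WAF layer.
    """
    value = cookie_value(cookie_header)
    if value is None:
        return []
    return [m.group(1) for m in OBJECT_TOKEN.finditer(value)]


def make_header(serialized):
    """Build a constructed Cookie header carrying the given serialized value."""
    encoded = quote(serialized, safe="")
    return "wp-settings-time-1=1700000000; %s=%s" % (COOKIE_NAME, encoded)


# Constructed samples: an array of strings, and an array wrapping an object.
BENIGN = make_header('a:1:{i:0;s:4:"p-17";}')
SUSPECT = make_header('a:1:{i:0;O:8:"stdClass":0:{}}')

if __name__ == "__main__":
    for header in (BENIGN, SUSPECT):
        print(injected_classes(header) or "clean", "<-", header)
```

The same pattern can be applied to web server or proxy logs that record request cookies; a match in this cookie on a site running a version up to 1.3.152 warrants review of the request source.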
Affected Version(s)
Print Science Designer * <= 1.3.152
CVSS V3.1
Score: 8.1
Severity: HIGH
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Network
Attack Complexity: High
Privileges Required: None
User Interaction: None
Scope: Unchanged
Timeline
Vulnerability published
Vulnerability Reserved
Credit
Brian Sans-Souci