Deserialization of Untrusted Data Vulnerability Affects PropertyHive
CVE-2024-23513

8.7HIGH

Key Information:

Vendor

WordPress

Vendor
CVE Published:
12 February 2024

What is CVE-2024-23513?

A deserialization of untrusted data vulnerability in the PropertyHive plugin can allow attackers to exploit insecure data handling. This issue is observed in the PropertyHive plugin versions up to 2.0.5, potentially leading to unauthorized access or manipulation of data within the application, impacting overall security and data integrity.

Affected Version(s)

PropertyHive <= 2.0.5

References

CVSS V3.1

Score:
8.7
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
High
Privileges Required:
None
User Interaction:
None
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Yudistira Arya (Patchstack Alliance)
.
The Cyber Security Vulnerability Database.