Deserialization of Untrusted Data Vulnerability Affects PickPlugins Product Designer
CVE-2024-31277

8.7HIGH

Key Information:

Vendor: WordPress
Status: Product Designer
Vendor: CVE Published:; 7 April 2024

What is CVE-2024-31277?

A deserialization of untrusted data vulnerability exists in PickPlugins Product Designer, specifically impacting versions prior to 1.0.32. This security issue could potentially allow an attacker to exploit untrusted data, leading to unauthorized actions on WordPress sites. Users of the affected plugin are advised to update to the latest version to mitigate the risk associated with this vulnerability. Ensuring the security of your web applications is critical to safeguard sensitive data and maintain user trust.

Affected Version(s)

Product Designer <= 1.0.32

References

https://patchstack.com/database/vulnerability/product-des...

vdb-entry

CVSS V3.1

Score:

8.7

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

High

Privileges Required:

None

User Interaction:

None

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Apr 7, 2024
Vulnerability Reserved
Mar 29, 2024

Credit

Yudistira Arya (Patchstack Alliance)