WordPress Crew HRM plugin <= 1.1.1 - PHP Object Injection vulnerability
CVE-2024-43252

9CRITICAL

Key Information:

Vendor: WordPress
Status: Crew Hrm
Vendor: CVE Published:; 19 August 2024

What is CVE-2024-43252?

A vulnerability in Crew HRM related to the deserialization of untrusted data has been identified, allowing for object injection. This issue can potentially lead to unauthorized access and manipulation of objects within the application. It affects versions from n/a through 1.1.1, making it crucial for users and administrators to take immediate action to secure their systems. Regular updates and security patches should be a priority to mitigate risks associated with this type of vulnerability.

Affected Version(s)

Crew HRM 0 <= 1.1.1

References

https://patchstack.com/database/Wordpress/Plugin/hr-manag...

vdb-entry

CVSS V3.1

Score:

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

High

Privileges Required:

None

User Interaction:

None

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Aug 19, 2024

Credit

CatFather (Patchstack Alliance)

CVE-2024-43252 Data

JSON