Deserialization of Untrusted Data Vulnerability Affects Giveaway Boost
CVE-2024-49332

9.8CRITICAL

Key Information:

Vendor: WordPress
Status: Giveaway Boost
Vendor: CVE Published:; 20 October 2024

What is CVE-2024-49332?

The Giveaway Boost plugin is affected by a deserialization of untrusted data vulnerability, which permits object injection. This issue spans versions prior to 2.1.4, allowing attackers to potentially exploit the vulnerability to manipulate the application behavior. It's crucial for users to apply security measures to mitigate risks associated with untrusted data deserialization.

Affected Version(s)

Giveaway Boost 0 <= 2.1.4

References

https://patchstack.com/database/Wordpress/Plugin/giveaway...

vdb-entry

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Oct 20, 2024
Vulnerability Reserved
Oct 14, 2024

Credit

Mika (Patchstack Alliance)

CVE-2024-49332 Data

JSON

WordPress

What is CVE-2024-49332?

Affected Version(s)

References

CVSS V3.1

Timeline

Credit