Deserialization of Untrusted Data Vulnerability Allows Object Injection in Airin Blog
CVE-2024-52413

9.8CRITICAL

Key Information:

Vendor: WordPress
Status: Airin Blog
Vendor: CVE Published:; 16 November 2024

Summary

The DMC Airin Blog product has a vulnerability related to the deserialization of untrusted data, which allows for object injection. This issue can lead to unauthorized actions, potential data breaches, and compromise of user data integrity. The affected versions range from n/a to 1.6.1. Users and administrators are advised to review their installations and apply any available security patches to mitigate risks associated with this vulnerability.

Affected Version(s)

Airin Blog <= 1.6.1

References

https://patchstack.com/database/vulnerability/airin-blog/...

vdb-entry

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Nov 16, 2024
Vulnerability Reserved
Nov 11, 2024

Credit

Mika (Patchstack Alliance)