Untrusted Data Deserialization Vulnerability Affects WDES Mobile Menu
CVE-2024-52414

9.8 CRITICAL

Key Information:

Vendor: WordPress
CVE Published: 16 November 2024

Summary

The WDES Responsive Mobile Menu, created by Anthony Carbon, deserializes untrusted data. This flaw lets attackers perform object injection, posing significant security risks to affected systems and data integrity. All versions up to and including 5.3.18 are affected, so users need to address this vulnerability urgently to mitigate potential exploits.

Affected Version(s)

WDES Responsive Mobile Menu <= 5.3.18

CVSS V3.1

Score: 9.8
Severity: CRITICAL
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Mika (Patchstack Alliance)