8.7
CVE-2024-31277
- EPSS 0.47%
- Veröffentlicht 07.04.2024 18:15:10
- Zuletzt bearbeitet 28.04.2026 19:24:20
- Quelle audit@patchstack.com
- CVE-Watchlists
- Unerledigt
WordPress Product Designer plugin <= 1.0.32 - PHP Object Injection vulnerability
Product Designer <= 1.0.32 - Unauthenticated PHP Object Injection
Deserialization of Untrusted Data vulnerability in PickPlugins Product Designer.This issue affects Product Designer: from n/a through 1.0.32.
Mögliche Gegenmaßnahme
PickPlugins Product Designer for WooCommerce: Update to version 1.0.33, or a newer patched version
Daten sind bereitgestellt durch das CVE Programm von Authorized Data Publishers (ADP) (Unstrukturiert)
VulnDex Vulnerability Enrichment
Diese Information steht angemeldeten Benutzern zur Verfügung. 
Login
LoginWeitere Schwachstelleninformationen
SystemWordPress Plugin
≫
Produkt
PickPlugins Product Designer for WooCommerce
Version
*-1.0.32
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.47% | 0.367 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| 134c704f-9b21-4f2e-91b3-4a467353bcc0 | 8.7 | 2.2 | 5.8 |
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N
|
| audit@patchstack.com | 8.7 | 2.2 | 5.8 |
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N
|
CWE-502 Deserialization of Untrusted Data
The product deserializes untrusted data without sufficiently ensuring that the resulting data will be valid.
https://patchstack.com/database/vulnerability/product-designer/wordpress-product-designer-plugin-1-0-32-php-object-injection-vulnerability?_s_id=cve
https://www.wordfence.com/threat-intel/vulnerabilities/id/c28e2aba-73eb-43f9-bae9-a78a67e6207c