9.8
CVE-2025-0767
- EPSS 0.43%
- Veröffentlicht 27.02.2025 19:15:49
- Zuletzt bearbeitet 21.05.2025 17:06:08
- Quelle help@fluidattacks.com
- CVE-Watchlists
- Unerledigt
WP Activity Log 5.3.2 - Insecure deserialization
WP Activity Log <= 5.3.2 - Authenticated (Admin+) PHP Object Injection
WP Activity Log 5.3.2 was found to be vulnerable. Unvalidated user input is used directly in an unserialize function in myapp/classes/Writers/class-csv-writer.php.
Mögliche Gegenmaßnahme
WP Activity Log: Update to version 5.3.3, or a newer patched version
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Melapress ≫ Wp Activity Log Version5.3.2 SwPlatformwordpress
VulnDex Vulnerability Enrichment
Diese Information steht angemeldeten Benutzern zur Verfügung. 
Login
LoginWeitere Schwachstelleninformationen
SystemWordPress Plugin
≫
Produkt
WP Activity Log
Version
*-5.3.2
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.43% | 0.345 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 9.8 | 3.9 | 5.9 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
|
| help@fluidattacks.com | 6.3 | 0 | 0 |
CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
|
CWE-502 Deserialization of Untrusted Data
The product deserializes untrusted data without sufficiently ensuring that the resulting data will be valid.
https://co.wordpress.org/plugins/wp-security-audit-log/
https://fluidattacks.com/advisories/skims-9/
https://www.wordfence.com/threat-intel/vulnerabilities/id/cd731f89-8811-4068-ab34-3cee8cc7d089