CVE-2024-52433

Deserialization of Untrusted Data vulnerability in Mindstien Technologies My Geo Posts Free allows Object Injection.This issue affects My Geo Posts Free: from n/a through 1.2.

CVSS v3 9.8 CRITICAL

9.8^/10

CVSS v3 : CRITICAL

Vector :

Exploitability : 3.9 / Impact : 5.9

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://patchstack.com/database/vulnerability/my-geo-posts-free/wordpress-my-geo-posts-free-plugin-1-2-php-object-injection-vulnerability?_s_id=cve	Third Party Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:a:mindstien:my_geo_posts_free:*:*:*:*:*:wordpress:*:*

History

20 Nov 2024, 15:25

Type	Values Removed	Values Added
First Time		Mindstien Mindstien my Geo Posts Free
References	~~() https://patchstack.com/database/vulnerability/my-geo-posts-free/wordpress-my-geo-posts-free-plugin-1-2-php-object-injection-vulnerability?_s_id=cve -~~	() https://patchstack.com/database/vulnerability/my-geo-posts-free/wordpress-my-geo-posts-free-plugin-1-2-php-object-injection-vulnerability?_s_id=cve - Third Party Advisory
CPE		cpe:2.3:a:mindstien:my_geo_posts_free::::::wordpress::*

18 Nov 2024, 17:11

Type	Values Removed	Values Added
Summary		(es) La vulnerabilidad de deserialización de datos no confiables en My Geo Posts Free de Mindstien Technologies permite la inyección de objetos. Este problema afecta a My Geo Posts Free: desde n/a hasta 1.2.

18 Nov 2024, 15:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2024-11-18 15:15

Updated : 2024-11-20 15:25

NVD link : CVE-2024-52433

Mitre link : CVE-2024-52433

CVE.ORG link : CVE-2024-52433

JSON object : View

Products Affected

mindstien

my_geo_posts_free

CWE

CWE-502

Deserialization of Untrusted Data

{"id": "CVE-2024-52433", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.8, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 3.9}, {"type": "Secondary", "source": "audit@patchstack.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.8, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 3.9}]}, "published": "2024-11-18T15:15:08.130", "references": [{"url": "https://patchstack.com/database/vulnerability/my-geo-posts-free/wordpress-my-geo-posts-free-plugin-1-2-php-object-injection-vulnerability?_s_id=cve", "tags": ["Third Party Advisory"], "source": "audit@patchstack.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-502"}]}, {"type": "Secondary", "source": "audit@patchstack.com", "description": [{"lang": "en", "value": "CWE-502"}]}], "descriptions": [{"lang": "en", "value": "Deserialization of Untrusted Data vulnerability in Mindstien Technologies My Geo Posts Free allows Object Injection.This issue affects My Geo Posts Free: from n/a through 1.2."}, {"lang": "es", "value": "La vulnerabilidad de deserializaci\u00f3n de datos no confiables en My Geo Posts Free de Mindstien Technologies permite la inyecci\u00f3n de objetos. Este problema afecta a My Geo Posts Free: desde n/a hasta 1.2."}], "lastModified": "2024-11-20T15:25:17.773", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:mindstien:my_geo_posts_free:*:*:*:*:*:wordpress:*:*", "vulnerable": true, "matchCriteriaId": "134DC1B9-FAF2-4BF2-9814-841A165ED576", "versionEndIncluding": "1.2"}], "operator": "OR"}]}], "sourceIdentifier": "audit@patchstack.com"}