CVE-2024-1950

CVSS 3.1 Score 7.5 of 10 (high)

Details

Published Mar 13, 2024

Summary

CVE-2024-1950 is a vulnerability affecting the Product Carousel Slider & Grid Ultimate plugin for WooCommerce on WordPress. The issue lies in the plugin's deserialization of untrusted input via shortcode, allowing authenticated attackers with contributor access or higher to inject PHP Objects. No Pop chain is present in the plugin itself, but if one exists through additional plugins or themes, attackers could delete files, retrieve sensitive data, or execute code. Versions up to and including 1.9.7 are vulnerable.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

https://app.recordedfuture.com/live/sc/entity/urW4Dr
https://www.cve.org/CVERecord?id=CVE-2024-1950
https://nvd.nist.gov/vuln/detail/CVE-2024-1950

Back to Vulnerability Database

CVE-2024-1950

CVSS 3.1 Score 7.5 of 10 (high)

Details

Summary

Advisories, Assessments, and Mitigations