CVE-2024-8922

CVSS 3.1 Score 8.8 of 10 (high)

Details

Published Sep 27, 2024
Updated: Sep 30, 2024
CWE ID 502

Summary

CVE-2024-8922 affects the Product Enquiry for WooCommerce plugin for WordPress, specifically in all versions up to and including 2.2.33.32, which is susceptible to PHP Object Injection due to the deserialization of untrusted input in enquiry_detail.php. This vulnerability allows authenticated attackers with Author-level access to inject a PHP object, potentially enabling them to delete files, retrieve sensitive information, or execute arbitrary code if a suitable payload chain is present through other plugins or themes. The risk is categorized as high, with a CVSS base score of 8.8, indicating significant potential impacts on confidentiality and integrity. Organizations using this plugin should immediately update to the latest version to mitigate the risk associated with this vulnerability. Failure to remediate can lead to severe breaches of data security and system integrity.

Ligh bulbPrevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Share