CVE-2024-12312

CVSS 3.1 Score 8.1 of 10 (high)

Details

Published Dec 12, 2024
CWE ID 502

Summary

CVE-2024-12312 is a vulnerability affecting the Print Science Designer plugin for WordPress. The issue lies in the plugin's handling of the 'designer-saved-projects' cookie, which is vulnerable to PHP Object Injection through deserialization of untrusted input. This weakness enables unauthenticated attackers to inject a PHP object. While no POP (property-oriented programming) chain has been identified in the vulnerable software, the presence of such a chain in an additional plugin or theme could allow the attacker to perform actions such as deleting arbitrary files, retrieving sensitive data, or executing code. WordPress users running versions up to and including 1.3.152 of the Print Science Designer plugin are advised to update to a patched version as soon as possible to mitigate this risk.
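
A defender-side check for the behaviour described above, as an added example that is not part of the advisory or the plugin's code: it scans request logs for serialized PHP objects carried in the 'designer-saved-projects' cookie. The log layout (tab-separated client, path, Cookie header), the sample lines, and the premise that a legitimate cookie holds only serialized arrays and scalars are assumptions.

```python
import re
from urllib.parse import unquote

COOKIE = "designer-saved-projects"  # cookie name taken from the advisory
# PHP serialize() object markers look like O:<len>:"Class":<n>: or C:<len>:"Class":<n>:
# Requiring start-of-value, ';' or '{' before the marker keeps most plain strings
# from matching. Older PHP versions accepted a '+' before the length.
OBJ = re.compile(r'(?:^|[;{])\s*[OC]:\+?\d+:"([^"]+)":\d+:')

def cookie_value(header, name=COOKIE):
    """Return the raw value of `name` from a Cookie header, or None."""
    for part in header.split(";"):
        k, _, v = part.strip().partition("=")
        if k == name:
            return v
    return None

def injected_classes(raw):
    """Class names of serialized PHP objects found in a cookie value."""
    decoded = raw
    for _ in range(3):  # undo repeated URL-encoding so the logged form does not matter
        nxt = unquote(decoded)
        if nxt == decoded:
            break
        decoded = nxt
    return OBJ.findall(decoded)

def scan(lines):
    """Return (client, path, [class names]) for each line carrying an object."""
    hits = []
    for line in lines:
        client, path, header = line.rstrip("\n").split("\t", 2)
        raw = cookie_value(header)
        classes = injected_classes(raw) if raw else []
        if classes:
            hits.append((client, path, classes))
    return hits

# Constructed log lines (assumed layout): client IP, request path, Cookie header
SAMPLE = [
    '203.0.113.7\t/shop/\tdesigner-saved-projects=a%3A1%3A%7Bi%3A0%3Bs%3A4%3A%22p-17%22%3B%7D',
    '198.51.100.9\t/shop/\twp_lang=en; designer-saved-projects=O%3A8%3A%22stdClass%22%3A0%3A%7B%7D',
    '198.51.100.9\t/\tdesigner-saved-projects=a%253A1%253A%257Bi%253A0%253BO%253A8%253A%2522stdClass%2522%253A0%253A%257B%257D%257D',
    '192.0.2.4\t/\twp_lang=en',
]

if __name__ == "__main__":
    for hit in scan(SAMPLE):
        print(hit)
```

A hit indicates that an object was submitted in the cookie, not that a usable chain exists on the site; updating the plugin remains the fix.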
