CVE-2024-12877

CVSS 3.1 Score 9.8 of 10 (high)

Details

Published Jan 11, 2025
CWE ID 502

Summary

CVE-2024-12877: This vulnerability impacts the GiveWP – Donation Plugin and Fundraising Platform for WordPress. Unauthenticated attackers can exploit deserialization of untrusted input from donation forms, leading to PHP Object Injection. A POP chain enables attackers to delete arbitrary files, resulting in remote code execution. Versions up to 3.19.2 are affected. A patch was released in 3.19.4, but interim patches in 3.19.3 were insufficient. JSON encoding is recommended to mitigate further deserialization vulnerabilities.
