CVE-2024-7435

NVD Published Date: August 31, 2024 at 03:15 AM
NVD Last Modified: September 03, 2024 at 12:59 PM
Vulnerability ID: CVE-2024-7435
Severity: HIGH
Severity Score: 8.8
Summary: The Attire theme for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 2.0.6 via deserialization of untrusted input. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject a PHP Object. No known POP chain is present in the vulnerable software. If a POP chain is present via an additional plugin or theme installed on the target system, it could allow the attacker to delete arbitrary files, retrieve sensitive data, or execute code.
Mitigation and Patches: -
Exploits: -
Metasploit Payload: -
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CWE ID: CWE-502
