Vulnerabilites related to wpxpo - ProductX – WooCommerce Builder & Gutenberg WooCommerce Blocks
cve-2024-23512
Vulnerability from cvelistv5
Published
2024-02-12 08:22
Modified
2024-08-01 23:06
Severity ?
EPSS score ?
Summary
Deserialization of Untrusted Data vulnerability in wpxpo ProductX – WooCommerce Builder & Gutenberg WooCommerce Blocks.This issue affects ProductX – WooCommerce Builder & Gutenberg WooCommerce Blocks: from n/a through 3.1.4.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| wpxpo | ProductX – WooCommerce Builder & Gutenberg WooCommerce Blocks |
Version: n/a < |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-01T23:06:24.831Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "vdb-entry", "x_transferred", ], url: "https://patchstack.com/database/vulnerability/product-blocks/wordpress-productx-plugin-3-1-4-php-object-injection-vulnerability?_s_id=cve", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { collectionURL: "https://wordpress.org/plugins", defaultStatus: "unaffected", packageName: "product-blocks", product: "ProductX – WooCommerce Builder & Gutenberg WooCommerce Blocks", vendor: "wpxpo", versions: [ { changes: [ { at: "3.1.5", status: "unaffected", }, ], lessThanOrEqual: "3.1.4", status: "affected", version: "n/a", versionType: "custom", }, ], }, ], credits: [ { lang: "en", type: "finder", user: "00000000-0000-4000-9000-000000000000", value: "Yudistira Arya (Patchstack Alliance)", }, ], descriptions: [ { lang: "en", supportingMedia: [ { base64: false, type: "text/html", value: "Deserialization of Untrusted Data vulnerability in wpxpo ProductX – WooCommerce Builder & Gutenberg WooCommerce Blocks.<p>This issue affects ProductX – WooCommerce Builder & Gutenberg WooCommerce Blocks: from n/a through 3.1.4.</p>", }, ], value: "Deserialization of Untrusted Data vulnerability in wpxpo ProductX – WooCommerce Builder & Gutenberg WooCommerce Blocks.This issue affects ProductX – WooCommerce Builder & Gutenberg WooCommerce Blocks: from n/a through 3.1.4.\n\n", }, ], metrics: [ { cvssV3_1: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 8.7, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "CHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-502", description: "CWE-502 Deserialization of Untrusted Data", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-02-12T08:22:30.384Z", orgId: "21595511-bba5-4825-b968-b78d1f9984a3", shortName: "Patchstack", }, references: [ { tags: [ "vdb-entry", ], url: "https://patchstack.com/database/vulnerability/product-blocks/wordpress-productx-plugin-3-1-4-php-object-injection-vulnerability?_s_id=cve", }, ], solutions: [ { lang: "en", supportingMedia: [ { base64: false, type: "text/html", value: "Update to 3.1.5 or a higher version.", }, ], value: "Update to 3.1.5 or a higher version.", }, ], source: { discovery: "EXTERNAL", }, title: "WordPress ProductX – Gutenberg WooCommerce Blocks Plugin <= 3.1.4 is vulnerable to PHP Object Injection", x_generator: { engine: "Vulnogram 0.1.0-dev", }, }, }, cveMetadata: { assignerOrgId: "21595511-bba5-4825-b968-b78d1f9984a3", assignerShortName: "Patchstack", cveId: "CVE-2024-23512", datePublished: "2024-02-12T08:22:30.384Z", dateReserved: "2024-01-17T18:18:40.118Z", dateUpdated: "2024-08-01T23:06:24.831Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }