{"uuid": "a67f7f59-9e01-4517-86d3-c762c2bcdea0", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-5932", "type": "published-proof-of-concept", "source": "https://t.me/malwarezh/24", "content": "#WordPress #GiveWP POP to RCE (#CVE-2024-5932 CVSS 10)\n\nThe GiveWP \u2013 Donation Plugin and Fundraising Platform plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 3.14.1 via deserialization of untrusted input from the 'give_title' parameter. This makes it possible for unauthenticated attackers to inject a PHP Object. The additional presence of a POP chain allows attackers to execute code remotely, and to delete arbitrary files.\n\nPOC: https://github.com/EQSTSeminar/CVE-2024-5932\n\nSearch Query:\nHUNTER:  web.body=\"/wp-content/plugins/give\"\n\n\n========================\n\ud83c\udf10 Owner: @z3xrin \u2705\n\ud83c\udf10 Channel: @Malwarezh \n========================", "creation_timestamp": "2024-10-16T23:31:10.000000Z"}