CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-48026 – WordPress Disc Golf Manager plugin <= 1.0.0 - PHP Object Injection vulnerability
https://notcve.org/view.php?id=CVE-2024-48026
Deserialization of Untrusted Data vulnerability in Grayson Robbins Disc Golf Manager allows Object Injection.This issue affects Disc Golf Manager: from n/a through 1.0.0. La vulnerabilidad de deserialización de datos no confiables en Grayson Robbins Disc Golf Manager permite la inyección de objetos. Este problema afecta a Disc Golf Manager: desde n/a hasta 1.0.0. The Disc Golf Manager plugin for WordPress is vulnerable to PHP Object Injection in versions up to, and including, 1.0.0 via deserialization of untrusted input. This makes it possible for unauthenticated attackers to inject a PHP Object. • https://patchstack.com/database/vulnerability/disc-golf-manager/wordpress-disc-golf-manager-plugin-1-0-0-php-object-injection-vulnerability?_s_id=cve • CWE-502: Deserialization of Untrusted Data •