CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-31277 – WordPress Product Designer plugin <= 1.0.32 - PHP Object Injection vulnerability
https://notcve.org/view.php?id=CVE-2024-31277
Deserialization of Untrusted Data vulnerability in PickPlugins Product Designer.This issue affects Product Designer: from n/a through 1.0.32. Vulnerabilidad de deserialización de datos no confiables en PickPlugins Product Designer. Este problema afecta a Product Designer: desde n/a hasta 1.0.32. The Product Designer plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.0.32 via deserialization of untrusted input. This makes it possible for unauthenticated attackers to inject a PHP Object. • https://patchstack.com/database/vulnerability/product-designer/wordpress-product-designer-plugin-1-0-32-php-object-injection-vulnerability?_s_id=cve • CWE-502: Deserialization of Untrusted Data •