CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-48030 – WordPress Telecash Ricaricaweb plugin <= 2.2 - PHP Object Injection vulnerability
https://notcve.org/view.php?id=CVE-2024-48030
Deserialization of Untrusted Data vulnerability in Gabriele Valenti Telecash Ricaricaweb allows Object Injection.This issue affects Telecash Ricaricaweb: from n/a through 2.2. La vulnerabilidad de deserialización de datos no confiables en Gabriele Valenti Telecash Ricaricaweb permite la inyección de objetos. Este problema afecta a Telecash Ricaricaweb: desde n/a hasta 2.2. The Telecash Ricaricaweb plugin for WordPress is vulnerable to PHP Object Injection in versions up to, and including, 2.2 via deserialization of untrusted input. This makes it possible for unauthenticated attackers to inject a PHP Object. • https://patchstack.com/database/vulnerability/telecash-ricaricaweb/wordpress-telecash-ricaricaweb-plugin-2-2-php-object-injection-vulnerability?_s_id=cve • CWE-502: Deserialization of Untrusted Data •