CVE-2023-49772
WordPress Genesis Simple Love Plugin <= 2.0 is vulnerable to PHP Object Injection
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
Deserialization of Untrusted Data vulnerability in Phpbits Creative Studio Genesis Simple Love.This issue affects Genesis Simple Love: from n/a through 2.0.
Vulnerabilidad de deserialización de datos no confiables en Phpbits Creative Studio Genesis Simple Love. Este problema afecta a Genesis Simple Love: desde n/a hasta 2.0.
The Genesis Simple Love plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 2.0 via deserialization of untrusted input. This makes it possible for unauthenticated attackers to inject a PHP Object. No known POP chain is present in the vulnerable plugin. If a POP chain is present via an additional plugin or theme installed on the target system, it could allow the attacker to delete arbitrary files, retrieve sensitive data, or execute code.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2023-11-30 CVE Reserved
- 2023-12-05 CVE Published
- 2024-08-02 CVE Updated
- 2024-12-26 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-502: Deserialization of Untrusted Data
CAPEC
References (1)
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Phpbits Search vendor "Phpbits" | Genesis Simple Love Search vendor "Phpbits" for product "Genesis Simple Love" | <= 2.0 Search vendor "Phpbits" for product "Genesis Simple Love" and version " <= 2.0" | wordpress |
Affected
| ||||||