CVE-2023-49819
WordPress Structured Content Plugin <= 1.5.3 is vulnerable to PHP Object Injection
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
Deserialization of Untrusted Data vulnerability in Gordon Böhme, Antonio Leutsch Structured Content (JSON-LD) #wpsc.This issue affects Structured Content (JSON-LD) #wpsc: from n/a through 1.5.3.
Vulnerabilidad de deserialización de datos no confiables en Gordon Böhme, Antonio Leutsch Structured Content (JSON-LD) #wpsc. Este problema afecta el contenido estructurado (JSON-LD) #wpsc: desde n/a hasta 1.5.3.
The Structured Content (JSON-LD) #wpsc plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.5.3 via deserialization of untrusted input. This makes it possible for attackers, with contributor-level access and above, to inject a PHP Object. No known POP chain is present in the vulnerable plugin. If a POP chain is present via an additional plugin or theme installed on the target system, it could allow the attacker to delete arbitrary files, retrieve sensitive data, or execute code.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2023-11-30 CVE Reserved
- 2023-12-05 CVE Published
- 2024-08-02 CVE Updated
- 2024-12-24 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-502: Deserialization of Untrusted Data
CAPEC
References (1)
URL | Date | SRC |
---|
URL | Date | SRC |
---|
URL | Date | SRC |
---|
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status | ||||||
---|---|---|---|---|---|---|---|---|---|---|
Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
Wpsc-plugin Search vendor "Wpsc-plugin" | Structured Content Search vendor "Wpsc-plugin" for product "Structured Content" | <= 1.5.3 Search vendor "Wpsc-plugin" for product "Structured Content" and version " <= 1.5.3" | wordpress |
Affected
|