CVE-2024-49699
WordPress ARPrice plugin <= 4.0.3 - PHP Object Injection vulnerability
Summary
- Public Exploits: 2
- Exploited in Wild: -
Descriptions
Deserialization of Untrusted Data vulnerability in NotFound ARPrice allows Object Injection. This issue affects ARPrice: from n/a through 4.0.3.
The ARPrice plugin for WordPress is vulnerable to PHP Object Injection in versions up to, and including, 4.0.3 via deserialization of untrusted input. This makes it possible for authenticated attackers, with subscriber-level access and above, to inject a PHP Object. No known POP chain is present in the vulnerable software. If a POP chain is present via an additional plugin or theme installed on the target system, it could allow the attacker to delete arbitrary files, retrieve sensitive data, or execute code.
WordPress ARPrice plugin versions 4.0.3 and below suffer from an authenticated PHP object injection vulnerability.
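The three descriptions above all turn on the same mechanism: request data reaches PHP's unserialize(), which instantiates whatever class name the payload carries, and the object's magic methods (__destruct, __wakeup, __toString, ...) then run with attacker-controlled properties. The plugin itself contributing no gadget does not neutralise the bug, because the gadget can come from any other loaded plugin or theme. The following is an added illustration of that pattern and its fix; it is not ARPrice's code, the vulnerable function and parameter are not given on this page, and the class Hypothetical_Log_Writer, the handler names and the payload are all constructed for the demo.

```php
<?php
// Added illustration of CWE-502 / CAPEC-586 as described in the advisory text.
// NOT ARPrice's code: the real code path and parameter are not on this page.

// Stand-in for a gadget that a *different* plugin or theme might load.
// ARPrice has no known POP chain; this class exists only to show what
// "a POP chain present via an additional plugin or theme" means in practice.
class Hypothetical_Log_Writer {
    public $path;
    public $data;
    // PHP calls __destruct when the object is freed, including objects that
    // unserialize() created. Attacker-chosen $path => arbitrary file write.
    public function __destruct() {
        file_put_contents($this->path, $this->data);
    }
}

// Vulnerable pattern: untrusted request data goes straight to unserialize().
// With default options any currently loaded class can be instantiated, so the
// class name in the payload is all that is needed to reach the gadget.
function vulnerable_handler(string $untrusted): array {
    $settings = unserialize($untrusted);                       // CWE-502
    return is_array($settings) ? $settings : [];
}

// Hardened pattern 1: refuse objects. Any serialized object is materialised as
// __PHP_Incomplete_Class, whose magic methods are never invoked.
function hardened_handler(string $untrusted): array {
    $settings = unserialize($untrusted, ['allowed_classes' => false]);
    return is_array($settings) ? $settings : [];
}

// Hardened pattern 2 (preferred for new code): do not accept PHP's native
// serialization from a request at all. JSON cannot carry a class name.
function json_handler(string $untrusted): array {
    $settings = json_decode($untrusted, true);
    return is_array($settings) ? $settings : [];
}

// Constructed payload of the kind a subscriber-level user could submit.
// Built by hand (not via serialize()) so that no gadget instance exists in
// this script before the vulnerable call. Lengths: class name 23 bytes,
// "written by gadget" 17 bytes.
$path    = sys_get_temp_dir() . '/poi_demo.txt';
$payload = sprintf(
    'a:1:{s:6:"gadget";O:23:"Hypothetical_Log_Writer":2:{s:4:"path";s:%d:"%s";s:4:"data";s:17:"written by gadget";}}',
    strlen($path), $path
);

@unlink($path);
vulnerable_handler($payload);   // returned array is discarded, object freed, __destruct fires
echo file_exists($path) ? "vulnerable: gadget wrote $path\n" : "vulnerable: no write\n";

@unlink($path);
hardened_handler($payload);     // gadget arrives as __PHP_Incomplete_Class, nothing runs
echo file_exists($path) ? "hardened: gadget wrote\n" : "hardened: payload neutralised\n";

json_handler($payload);         // not valid JSON, returns []
@unlink($path);
```

Two caveats for anyone triaging a WordPress deserialization finding: wrapping the input in WordPress core's maybe_unserialize() is not a mitigation, since it passes the string to unserialize() without an allowed_classes restriction; and "no known POP chain in the vulnerable software" describes the plugin in isolation, whereas a real site loads dozens of plugins and a theme, any of which may supply the gadget, so the finding should be treated as exploitable until the deserialization itself is removed.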
SSVC
- Decision: Track*
Timeline
- 2024-10-17 CVE Reserved
- 2025-01-03 CVE Published
- 2025-01-14 First Exploit
- 2025-01-21 CVE Updated
- 2025-06-20 EPSS Updated
- Exploited in Wild: no date recorded
- KEV Due Date: no date recorded
CWE
- CWE-502: Deserialization of Untrusted Data
CAPEC
- CAPEC-586: Object Injection
References (3)
Vulnerability database entry:
URL | Tag
---|---
https://patchstack.com/database/wordpress/plugin/arprice/vulnerability/wordpress-arprice-plugin-4-0-3-php-object-injection-vulnerability?_s_id=cve | Vdb Entry
Public exploits (2):
URL | Date
---|---
https://packetstorm.news/files/id/188671 | 2025-01-14
https://github.com/RandomRobbieBF/CVE-2024-49699 | 2025-01-14
Affected Vendors, Products, and Versions
Vendor | Product | Version | Status
---|---|---|---
Arprice | Arprice | >= 0.0.0 <= 4.0.3 | Affected