Undergoing Analysis
CVE has been recently published to the CVE List and has been received by the NVD.
CVE has been recently published to the CVE List and has been received by the NVD.
Products
WP MEDIA SAS Search & Replace
- n/a
- 3.2.2
Source
audit@patchstack.com
Tags
CVE-2024-38759 details
Published : July 22, 2024, 11:15 a.m.
Last Modified : July 22, 2024, 1 p.m.
Last Modified : July 22, 2024, 1 p.m.
Description
Deserialization of Untrusted Data vulnerability in WP MEDIA SAS Search & Replace.This issue affects Search & Replace: from n/a through 3.2.2.
CVSS Score
| 1 | 2 | 3 | 4 | 5.4 | 6 | 7 | 8 | 9 | 10 |
|---|
Weakness
| Weakness | Name | Description |
|---|---|---|
| CWE-502 | Deserialization of Untrusted Data | The product deserializes untrusted data without sufficiently verifying that the resulting data will be valid. |
CVSS Data
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
NONE
Scope
CHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
NONE
Base Score
5.4
Exploitability Score
2.2
Impact Score
2.7
Base Severity
MEDIUM
Vector String : CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:N
References
| URL | Source |
|---|---|
| https://patchstack.com/database/vulnerability/search-and-replace/wordpress-search-replace-plugin-3-2-2-deserialization-of-untrusted-data-vulnerability?_s_id=cve | audit@patchstack.com |
This website uses the NVD API, but is not approved or certified by it.