Update GobyVuls-Document.md

GobyVuls-Document.md

@@ -1,7 +1,20 @@
 # Goby History Update Vulnerability Total Document (Continuously Update) 
 The following content is an updated vulnerability from Goby. Some of the vulnerabilities are recorded on the screen for easy viewing.
 
-**Updated document date: August 6, 2024** 
+**Updated document date: October 11, 2024** 
+
+## 	GiveWP WordPress Plugin /admin-ajax.php Command Execution Vulnerability (CVE-2024-8353)
+|   **Vulnerability**  | GiveWP WordPress Plugin /admin-ajax.php Command Execution Vulnerability (CVE-2024-8353)|
+| :----:   | :-----|
+|  **Chinese name**  |	WordPress GiveWP 插件 /admin-ajax.php 命令执行漏洞（CVE-2024-8353） |
+| **CVSS core**  | 		9.30 |
+| **FOFA Query**  (click to view the results directly)|  [body="/wp-content/plugins/give/" && body="wp-includes"]
+| **Number of assets affected**  | 48,042 |
+| **Description**  |GiveWP is a very popular WordPress plugin designed for non-profit organizations and individuals to accept online donations. |
+| **Impact** | A PHP object injection vulnerability exists in the GiveWP Donation Plugin and Fundraising Platform Plugin for WordPress, affecting all versions up to and including version 3.16.1. The vulnerability is generated by deserializing several parameters (such as 'give_title' and 'card_address') of untrustworthy input. This allows an unauthenticated attacker to inject PHP objects. In addition, the presence of a POP chain allows an attacker to delete arbitrary files and enable remote code execution.
+| **Affected versions** |affecting all versions up to and including version 3.16.1
+![](https://s3.bmp.ovh/imgs/2024/10/11/c4f2085c1fcb37c8.gif)
+
 
 ## 	Apache OFbiz /ProgramExport Command Execution Vulnerability(CVE-2024-38856)
 |   **Vulnerability**  | Apache OFbiz /ProgramExport Command Execution Vulnerability(CVE-2024-38856)|