### [CVE-2024-5932](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-5932) ![](https://img.shields.io/static/v1?label=Product&message=GiveWP%20%E2%80%93%20Donation%20Plugin%20and%20Fundraising%20Platform&color=blue) ![](https://img.shields.io/static/v1?label=Version&message=*%3C%3D%203.14.1%20&color=brighgreen) ![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-502%20Deserialization%20of%20Untrusted%20Data&color=brighgreen) ### Description The GiveWP – Donation Plugin and Fundraising Platform plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 3.14.1 via deserialization of untrusted input from the 'give_title' parameter. This makes it possible for unauthenticated attackers to inject a PHP Object. The additional presence of a POP chain allows attackers to execute code remotely, and to delete arbitrary files. ### POC #### Reference - https://www.wordfence.com/blog/2024/08/4998-bounty-awarded-and-100000-wordpress-sites-protected-against-unauthenticated-remote-code-execution-vulnerability-patched-in-givewp-wordpress-plugin/ #### Github - https://github.com/0xb0mb3r/CVE-2024-8353-PoC - https://github.com/12442RF/POC - https://github.com/20142995/nuclei-templates - https://github.com/DMW11525708/wiki - https://github.com/EQSTLab/CVE-2024-5932 - https://github.com/EQSTLab/CVE-2024-8353 - https://github.com/Lern0n/Lernon-POC - https://github.com/Linxloop/fork_POC - https://github.com/Ostorlab/KEV - https://github.com/OxLmahdi/cve-2024-5932 - https://github.com/WhosGa/MyWiki - https://github.com/admin772/POC - https://github.com/adysec/POC - https://github.com/cisp-pte/POC-20241008-sec-fork - https://github.com/eeeeeeeeee-code/POC - https://github.com/greenberglinken/2023hvv_1 - https://github.com/hlc23/CVE-2024-5932-web-ui - https://github.com/iemotion/POC - https://github.com/laoa1573/wy876 - https://github.com/nomi-sec/PoC-in-GitHub - https://github.com/oLy0/Vulnerability - https://github.com/plbplbp/loudong001 - https://github.com/tk-1001/PHPexploit_pack