cve/2024/CVE-2024-5932.md

CVE-2024-5932

Description

The GiveWP – Donation Plugin and Fundraising Platform plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 3.14.1 via deserialization of untrusted input from the 'give_title' parameter. This makes it possible for unauthenticated attackers to inject a PHP Object. The additional presence of a POP chain allows attackers to execute code remotely, and to delete arbitrary files.

POC

Reference

• https://www.wordfence.com/blog/2024/08/4998-bounty-awarded-and-100000-wordpress-sites-protected-against-unauthenticated-remote-code-execution-vulnerability-patched-in-givewp-wordpress-plugin/

Github

• https://github.com/0xb0mb3r/CVE-2024-8353-PoC
• https://github.com/12442RF/POC
• https://github.com/20142995/nuclei-templates
• https://github.com/DMW11525708/wiki
• https://github.com/EQSTLab/CVE-2024-5932
• https://github.com/EQSTLab/CVE-2024-8353
• https://github.com/Lern0n/Lernon-POC
• https://github.com/Linxloop/fork_POC
• https://github.com/Ostorlab/KEV
• https://github.com/OxLmahdi/cve-2024-5932
• https://github.com/WhosGa/MyWiki
• https://github.com/admin772/POC
• https://github.com/adysec/POC
• https://github.com/cisp-pte/POC-20241008-sec-fork
• https://github.com/eeeeeeeeee-code/POC
• https://github.com/greenberglinken/2023hvv_1
• https://github.com/hlc23/CVE-2024-5932-web-ui
• https://github.com/iemotion/POC
• https://github.com/laoa1573/wy876
• https://github.com/nomi-sec/PoC-in-GitHub
• https://github.com/oLy0/Vulnerability
• https://github.com/plbplbp/loudong001
• https://github.com/tk-1001/PHPexploit_pack