nvd-json-data-feeds/CVE-2024/CVE-2024-54xx/CVE-2024-5488.json

{
  "id": "CVE-2024-5488",
  "sourceIdentifier": "contact@wpscan.com",
  "published": "2024-07-09T06:15:03.030",
  "lastModified": "2024-07-11T15:06:31.120",
  "vulnStatus": "Awaiting Analysis",
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "The SEOPress  WordPress plugin before 7.9 does not properly protect some of its REST API routes, which combined with another Object Injection vulnerability can allow unauthenticated attackers to unserialize malicious gadget chains, compromising the site if a suitable chain is present."
    },
    {
      "lang": "es",
      "value": "El complemento SEOPress WordPress anterior a 7.9 no protege adecuadamente algunas de sus rutas API REST, lo que combinado con otra vulnerabilidad de inyecci\u00f3n de objetos puede permitir a atacantes no autenticados deserializar cadenas de dispositivos maliciosos, comprometiendo el sitio si hay una cadena adecuada presente."
    }
  ],
  "metrics": {
    "cvssMetricV31": [
      {
        "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
        "type": "Secondary",
        "cvssData": {
          "version": "3.1",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
          "attackVector": "NETWORK",
          "attackComplexity": "LOW",
          "privilegesRequired": "NONE",
          "userInteraction": "NONE",
          "scope": "UNCHANGED",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "availabilityImpact": "HIGH",
          "baseScore": 9.8,
          "baseSeverity": "CRITICAL"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 5.9
      }
    ]
  },
  "references": [
    {
      "url": "https://wpscan.com/vulnerability/28507376-ded0-4e1a-b2fc-2182895aa14c/",
      "source": "contact@wpscan.com"
    }
  ]
}