CVE-2024-23512 - OpenCVE

Deserialization of Untrusted Data vulnerability in wpxpo ProductX – WooCommerce Builder & Gutenberg WooCommerce Blocks.This issue affects ProductX – WooCommerce Builder & Gutenberg WooCommerce Blocks: from n/a through 3.1.4.

No CVSS v4.0

Attack Vector Network

Attack Complexity High

Privileges Required None

Scope Changed

Confidentiality Impact High

Integrity Impact High

Availability Impact None

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Wpxpo	Wowstore

Configuration 1 [-]

cpe:2.3:a:wpxpo:wowstore:*:*:*:*:free:wordpress:*:*

No data.

References

Link	Providers
https://patchstack.com/database/vulnerability/product-blocks/wordpress-productx-plugin-3-1-4-php-object-injection-vulnerability?_s_id=cve

History

Tue, 08 Oct 2024 17:30:00 +0000

Type	Values Removed	Values Added
First Time appeared		Wpxpo Wpxpo wowstore
CPEs		cpe:2.3:a:wpxpo:wowstore:::::free:wordpress::
Vendors & Products		Wpxpo Wpxpo wowstore

MITRE

Status: PUBLISHED

Assigner: Patchstack

Published: 2024-02-12T08:22:30.384Z

Updated: 2024-08-01T23:06:24.831Z

Reserved: 2024-01-17T18:18:40.118Z

Link: CVE-2024-23512

Vulnrichment

No data.

NVD

Status : Analyzed

Published: 2024-02-12T09:15:11.913

Modified: 2024-10-08T17:01:56.890

Link: CVE-2024-23512

Redhat

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-23512", "assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3", "state": "PUBLISHED", "assignerShortName": "Patchstack", "dateReserved": "2024-01-17T18:18:40.118Z", "datePublished": "2024-02-12T08:22:30.384Z", "dateUpdated": "2024-08-01T23:06:24.831Z"}, "containers": {"cna": {"affected": [{"collectionURL": "https://wordpress.org/plugins", "defaultStatus": "unaffected", "packageName": "product-blocks", "product": "ProductX \u2013 WooCommerce Builder & Gutenberg WooCommerce Blocks", "vendor": "wpxpo", "versions": [{"changes": [{"at": "3.1.5", "status": "unaffected"}], "lessThanOrEqual": "3.1.4", "status": "affected", "version": "n/a", "versionType": "custom"}]}], "credits": [{"lang": "en", "type": "finder", "user": "00000000-0000-4000-9000-000000000000", "value": "Yudistira Arya (Patchstack Alliance)"}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "Deserialization of Untrusted Data vulnerability in wpxpo ProductX \u2013 WooCommerce Builder & Gutenberg WooCommerce Blocks.<p>This issue affects ProductX \u2013 WooCommerce Builder & Gutenberg WooCommerce Blocks: from n/a through 3.1.4.</p>"}], "value": "Deserialization of Untrusted Data vulnerability in wpxpo ProductX \u2013 WooCommerce Builder & Gutenberg WooCommerce Blocks.This issue affects ProductX \u2013 WooCommerce Builder & Gutenberg WooCommerce Blocks: from n/a through 3.1.4.\n\n"}], "metrics": [{"cvssV3_1": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 8.7, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-502", "description": "CWE-502 Deserialization of Untrusted Data", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "21595511-bba5-4825-b968-b78d1f9984a3", "shortName": "Patchstack", "dateUpdated": "2024-02-12T08:22:30.384Z"}, "references": [{"tags": ["vdb-entry"], "url": "https://patchstack.com/database/vulnerability/product-blocks/wordpress-productx-plugin-3-1-4-php-object-injection-vulnerability?_s_id=cve"}], "solutions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "Update to 3.1.5 or a higher version."}], "value": "Update to\u00a03.1.5 or a higher version."}], "source": {"discovery": "EXTERNAL"}, "title": "WordPress ProductX \u2013 Gutenberg WooCommerce Blocks Plugin <= 3.1.4 is vulnerable to PHP Object Injection", "x_generator": {"engine": "Vulnogram 0.1.0-dev"}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-01T23:06:24.831Z"}, "title": "CVE Program Container", "references": [{"tags": ["vdb-entry", "x_transferred"], "url": "https://patchstack.com/database/vulnerability/product-blocks/wordpress-productx-plugin-3-1-4-php-object-injection-vulnerability?_s_id=cve"}]}]}}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:wpxpo:wowstore:*:*:*:*:free:wordpress:*:*", "matchCriteriaId": "AEA02F3C-20AF-4574-B88B-1A51AA22BEAD", "versionEndExcluding": "3.1.5", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Deserialization of Untrusted Data vulnerability in wpxpo ProductX \u2013 WooCommerce Builder & Gutenberg WooCommerce Blocks.This issue affects ProductX \u2013 WooCommerce Builder & Gutenberg WooCommerce Blocks: from n/a through 3.1.4.\n\n"}, {"lang": "es", "value": "Vulnerabilidad de deserializaci\u00f3n de datos no confiables en wpxpo ProductX \u2013 WooCommerce Builder y Gutenberg WooCommerce Blocks. Este problema afecta a ProductX \u2013 WooCommerce Builder y Gutenberg WooCommerce Blocks: desde n/a hasta 3.1.4."}], "id": "CVE-2024-23512", "lastModified": "2024-10-08T17:01:56.890", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 8.7, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N", "version": "3.1"}, "exploitabilityScore": 2.2, "impactScore": 5.8, "source": "audit@patchstack.com", "type": "Secondary"}]}, "published": "2024-02-12T09:15:11.913", "references": [{"source": "audit@patchstack.com", "tags": ["Third Party Advisory"], "url": "https://patchstack.com/database/vulnerability/product-blocks/wordpress-productx-plugin-3-1-4-php-object-injection-vulnerability?_s_id=cve"}], "sourceIdentifier": "audit@patchstack.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-502"}], "source": "audit@patchstack.com", "type": "Primary"}]}