CVE-2024-38759 - Vulnerability Details - OpenCVE

Deserialization of Untrusted Data vulnerability in WP MEDIA SAS Search & Replace search-and-replace.This issue affects Search & Replace: from n/a through 3.2.2.

No CVSS v4.0

Attack Vector Network

Attack Complexity High

Privileges Required None

Scope Changed

Confidentiality Impact Low

Integrity Impact Low

Availability Impact None

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

The EPSS score is 0.00284.

Key SSVC decision points have not yet been added.

Vendors	Products
Wp-media	Search \& Replace

Configuration 1 [-]

cpe:2.3:a:wp-media:search_\&_replace:*:*:*:*:*:wordpress:*:*

No data.

No data.

Advisories

Source	ID	Title
EUVD	EUVD-2024-37604	Deserialization of Untrusted Data vulnerability in WP MEDIA SAS Search & Replace search-and-replace.This issue affects Search & Replace: from n/a through 3.2.2.

Fixes

Solution

Update to 3.2.3 or a higher version.

Workaround

No workaround given by the vendor.

References

Link	Providers
https://patchstack.com/database/vulnerability/search-and-replace/wordpress-search-replace-plugin-3-2-2-deserialization-of-untrusted-data-vulnerability?_s_id=cve

History

Tue, 27 Aug 2024 14:00:00 +0000

Type	Values Removed	Values Added
Description	Deserialization of Untrusted Data vulnerability in WP MEDIA SAS Search & Replace.This issue affects Search & Replace: from n/a through 3.2.2.	Deserialization of Untrusted Data vulnerability in WP MEDIA SAS Search & Replace search-and-replace.This issue affects Search & Replace: from n/a through 3.2.2.

Wed, 14 Aug 2024 17:45:00 +0000

Type	Values Removed	Values Added
First Time appeared		Wp-media Wp-media search \& Replace
CPEs		cpe:2.3:a:wp-media:search_\&_replace::::::wordpress::*
Vendors & Products		Wp-media Wp-media search \& Replace

MITRE

Status: PUBLISHED

Assigner: Patchstack

Published: 2024-07-22T10:30:18.249Z

Updated: 2024-08-27T13:56:26.577Z

Reserved: 2024-06-19T11:17:27.404Z

Link: CVE-2024-38759

Vulnrichment

Updated: 2024-08-02T04:19:20.384Z

NVD

Status : Modified

Published: 2024-07-22T11:15:04.503

Modified: 2024-11-21T09:26:46.083

Link: CVE-2024-38759

Redhat

No data.

OpenCVE Enrichment

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-38759", "assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3", "state": "PUBLISHED", "assignerShortName": "Patchstack", "dateReserved": "2024-06-19T11:17:27.404Z", "datePublished": "2024-07-22T10:30:18.249Z", "dateUpdated": "2024-08-27T13:56:26.577Z"}, "containers": {"cna": {"affected": [{"collectionURL": "https://wordpress.org/plugins", "defaultStatus": "unaffected", "packageName": "search-and-replace", "product": "Search & Replace", "vendor": "WP MEDIA SAS", "versions": [{"changes": [{"at": "3.2.3", "status": "unaffected"}], "lessThanOrEqual": "3.2.2", "status": "affected", "version": "n/a", "versionType": "custom"}]}], "credits": [{"lang": "en", "type": "finder", "user": "00000000-0000-4000-9000-000000000000", "value": "Tr\u00ecnh V\u0169 / Sonicrrrr_ from VNPT-VCI (Patchstack Alliance)"}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "Deserialization of Untrusted Data vulnerability in WP MEDIA SAS Search & Replace search-and-replace.<p>This issue affects Search & Replace: from n/a through 3.2.2.</p>"}], "value": "Deserialization of Untrusted Data vulnerability in WP MEDIA SAS Search & Replace search-and-replace.This issue affects Search & Replace: from n/a through 3.2.2."}], "metrics": [{"cvssV3_1": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:N", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-502", "description": "CWE-502 Deserialization of Untrusted Data", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "21595511-bba5-4825-b968-b78d1f9984a3", "shortName": "Patchstack", "dateUpdated": "2024-08-27T13:56:26.577Z"}, "references": [{"tags": ["vdb-entry"], "url": "https://patchstack.com/database/vulnerability/search-and-replace/wordpress-search-replace-plugin-3-2-2-deserialization-of-untrusted-data-vulnerability?_s_id=cve"}], "solutions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "Update to 3.2.3 or a higher version."}], "value": "Update to\u00a03.2.3 or a higher version."}], "source": {"discovery": "EXTERNAL"}, "title": "WordPress Search & Replace plugin <= 3.2.2 - Deserialization of untrusted data vulnerability", "x_generator": {"engine": "Vulnogram 0.1.0-dev"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-07-22T11:46:04.327962Z", "id": "CVE-2024-38759", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-07-22T11:46:19.116Z"}}, {"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T04:19:20.384Z"}, "title": "CVE Program Container", "references": [{"tags": ["vdb-entry", "x_transferred"], "url": "https://patchstack.com/database/vulnerability/search-and-replace/wordpress-search-replace-plugin-3-2-2-deserialization-of-untrusted-data-vulnerability?_s_id=cve"}]}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://patchstack.com/database/vulnerability/search-and-replace/wordpress-search-replace-plugin-3-2-2-deserialization-of-untrusted-data-vulnerability?_s_id=cve", "tags": ["vdb-entry", "x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T04:19:20.384Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-38759", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-07-22T11:46:04.327962Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-07-22T11:46:14.386Z"}}], "cna": {"title": "WordPress Search & Replace plugin <= 3.2.2 - Deserialization of untrusted data vulnerability", "source": {"discovery": "EXTERNAL"}, "credits": [{"lang": "en", "type": "finder", "user": "00000000-0000-4000-9000-000000000000", "value": "Tr\u00ecnh V\u0169 / Sonicrrrr_ from VNPT-VCI (Patchstack Alliance)"}], "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "CHANGED", "version": "3.1", "baseScore": 5.4, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "WP MEDIA SAS", "product": "Search & Replace", "versions": [{"status": "affected", "changes": [{"at": "3.2.3", "status": "unaffected"}], "version": "n/a", "versionType": "custom", "lessThanOrEqual": "3.2.2"}], "packageName": "search-and-replace", "collectionURL": "https://wordpress.org/plugins", "defaultStatus": "unaffected"}], "solutions": [{"lang": "en", "value": "Update to\u00a03.2.3 or a higher version.", "supportingMedia": [{"type": "text/html", "value": "Update to 3.2.3 or a higher version.", "base64": false}]}], "references": [{"url": "https://patchstack.com/database/vulnerability/search-and-replace/wordpress-search-replace-plugin-3-2-2-deserialization-of-untrusted-data-vulnerability?_s_id=cve", "tags": ["vdb-entry"]}], "x_generator": {"engine": "Vulnogram 0.1.0-dev"}, "descriptions": [{"lang": "en", "value": "Deserialization of Untrusted Data vulnerability in WP MEDIA SAS Search & Replace search-and-replace.This issue affects Search & Replace: from n/a through 3.2.2.", "supportingMedia": [{"type": "text/html", "value": "Deserialization of Untrusted Data vulnerability in WP MEDIA SAS Search & Replace search-and-replace.<p>This issue affects Search & Replace: from n/a through 3.2.2.</p>", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-502", "description": "CWE-502 Deserialization of Untrusted Data"}]}], "providerMetadata": {"orgId": "21595511-bba5-4825-b968-b78d1f9984a3", "shortName": "Patchstack", "dateUpdated": "2024-08-27T13:56:26.577Z"}}}, "cveMetadata": {"cveId": "CVE-2024-38759", "state": "PUBLISHED", "dateUpdated": "2024-08-27T13:56:26.577Z", "dateReserved": "2024-06-19T11:17:27.404Z", "assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3", "datePublished": "2024-07-22T10:30:18.249Z", "assignerShortName": "Patchstack"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:wp-media:search_\\&_replace:*:*:*:*:*:wordpress:*:*", "matchCriteriaId": "5660AF1E-AC06-4EE1-BC96-9CFEAABB5E47", "versionEndIncluding": "3.2.2", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "Deserialization of Untrusted Data vulnerability in WP MEDIA SAS Search & Replace search-and-replace.This issue affects Search & Replace: from n/a through 3.2.2."}, {"lang": "es", "value": " Vulnerabilidad de deserializaci\u00f3n de datos no confiables en WP MEDIA SAS Search & Replace. Este problema afecta a Search & Replace: desde n/a hasta 3.2.2."}], "id": "CVE-2024-38759", "lastModified": "2024-11-21T09:26:46.083", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 2.2, "impactScore": 2.7, "source": "audit@patchstack.com", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2024-07-22T11:15:04.503", "references": [{"source": "audit@patchstack.com", "tags": ["Third Party Advisory"], "url": "https://patchstack.com/database/vulnerability/search-and-replace/wordpress-search-replace-plugin-3-2-2-deserialization-of-untrusted-data-vulnerability?_s_id=cve"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://patchstack.com/database/vulnerability/search-and-replace/wordpress-search-replace-plugin-3-2-2-deserialization-of-untrusted-data-vulnerability?_s_id=cve"}], "sourceIdentifier": "audit@patchstack.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-502"}], "source": "audit@patchstack.com", "type": "Secondary"}]}