The Prisna GWT – Google Website Translator plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.4.11 via deserialization of untrusted input from the 'prisna_import' parameter. This makes it possible for authenticated attackers, with Administrator-level access and above, to inject a PHP Object. No known POP chain is present in the vulnerable software. If a POP chain is present via an additional plugin or theme installed on the target system, it could allow the attacker to delete arbitrary files, retrieve sensitive data, or execute code.
Metrics
Affected Vendors & Products
References
History
Wed, 25 Sep 2024 14:30:00 +0000
Type | Values Removed | Values Added |
---|---|---|
First Time appeared |
Prisna
Prisna prisna Gwt-google Website Translator |
|
CPEs | cpe:2.3:a:prisna:prisna_gwt-google_website_translator:*:*:*:*:*:*:*:* | |
Vendors & Products |
Prisna
Prisna prisna Gwt-google Website Translator |
|
Metrics |
ssvc
|
Wed, 25 Sep 2024 03:45:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Description | The Prisna GWT – Google Website Translator plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.4.11 via deserialization of untrusted input from the 'prisna_import' parameter. This makes it possible for authenticated attackers, with Administrator-level access and above, to inject a PHP Object. No known POP chain is present in the vulnerable software. If a POP chain is present via an additional plugin or theme installed on the target system, it could allow the attacker to delete arbitrary files, retrieve sensitive data, or execute code. | |
Title | Prisna GWT - Google Website Translator <= 1.4.11 - Authenticated (Admin+) PHP Object Injection | |
Weaknesses | CWE-502 | |
References |
| |
Metrics |
cvssV3_1
|
MITRE
Status: PUBLISHED
Assigner: Wordfence
Published: 2024-09-25T03:27:39.955Z
Updated: 2024-09-25T14:10:27.990Z
Reserved: 2024-09-06T14:01:41.443Z
Link: CVE-2024-8514
Vulnrichment
Updated: 2024-09-25T14:09:57.176Z
NVD
Status : Awaiting Analysis
Published: 2024-09-25T04:15:04.563
Modified: 2024-09-26T13:32:02.803
Link: CVE-2024-8514
Redhat
No data.