The Prisna GWT – Google Website Translator plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.4.11 via deserialization of untrusted input from the 'prisna_import' parameter. This makes it possible for authenticated attackers, with Administrator-level access and above, to inject a PHP Object. No known POP chain is present in the vulnerable software. If a POP chain is present via an additional plugin or theme installed on the target system, it could allow the attacker to delete arbitrary files, retrieve sensitive data, or execute code.
History

Wed, 02 Oct 2024 20:15:00 +0000

Type Values Removed Values Added
First Time appeared Prisna google Website Translator
CPEs cpe:2.3:a:prisna:google_website_translator:*:*:*:*:*:wordpress:*:*
Vendors & Products Prisna google Website Translator

Wed, 25 Sep 2024 14:30:00 +0000

Type Values Removed Values Added
First Time appeared Prisna
Prisna prisna Gwt-google Website Translator
CPEs cpe:2.3:a:prisna:prisna_gwt-google_website_translator:*:*:*:*:*:*:*:*
Vendors & Products Prisna
Prisna prisna Gwt-google Website Translator
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}


Wed, 25 Sep 2024 03:45:00 +0000

Type Values Removed Values Added
Description The Prisna GWT – Google Website Translator plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.4.11 via deserialization of untrusted input from the 'prisna_import' parameter. This makes it possible for authenticated attackers, with Administrator-level access and above, to inject a PHP Object. No known POP chain is present in the vulnerable software. If a POP chain is present via an additional plugin or theme installed on the target system, it could allow the attacker to delete arbitrary files, retrieve sensitive data, or execute code.
Title Prisna GWT - Google Website Translator <= 1.4.11 - Authenticated (Admin+) PHP Object Injection
Weaknesses CWE-502
References
Metrics cvssV3_1

{'score': 9.1, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H'}


cve-icon MITRE

Status: PUBLISHED

Assigner: Wordfence

Published: 2024-09-25T03:27:39.955Z

Updated: 2024-09-25T14:10:27.990Z

Reserved: 2024-09-06T14:01:41.443Z

Link: CVE-2024-8514

cve-icon Vulnrichment

Updated: 2024-09-25T14:09:57.176Z

cve-icon NVD

Status : Analyzed

Published: 2024-09-25T04:15:04.563

Modified: 2024-10-02T19:59:17.080

Link: CVE-2024-8514

cve-icon Redhat

No data.