The Prisna GWT – Google Website Translator plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.4.11 via deserialization of untrusted input from the 'prisna_import' parameter. This makes it possible for authenticated attackers, with Administrator-level access and above, to inject a PHP Object. No known POP chain is present in the vulnerable software. If a POP chain is present via an additional plugin or theme installed on the target system, it could allow the attacker to delete arbitrary files, retrieve sensitive data, or execute code.
Metrics
Affected Vendors & Products
References
History
Wed, 02 Oct 2024 20:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
First Time appeared |
Prisna google Website Translator
|
|
CPEs | cpe:2.3:a:prisna:google_website_translator:*:*:*:*:*:wordpress:*:* | |
Vendors & Products |
Prisna google Website Translator
|
Wed, 25 Sep 2024 14:30:00 +0000
Type | Values Removed | Values Added |
---|---|---|
First Time appeared |
Prisna
Prisna prisna Gwt-google Website Translator |
|
CPEs | cpe:2.3:a:prisna:prisna_gwt-google_website_translator:*:*:*:*:*:*:*:* | |
Vendors & Products |
Prisna
Prisna prisna Gwt-google Website Translator |
|
Metrics |
ssvc
|
Wed, 25 Sep 2024 03:45:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Description | The Prisna GWT – Google Website Translator plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.4.11 via deserialization of untrusted input from the 'prisna_import' parameter. This makes it possible for authenticated attackers, with Administrator-level access and above, to inject a PHP Object. No known POP chain is present in the vulnerable software. If a POP chain is present via an additional plugin or theme installed on the target system, it could allow the attacker to delete arbitrary files, retrieve sensitive data, or execute code. | |
Title | Prisna GWT - Google Website Translator <= 1.4.11 - Authenticated (Admin+) PHP Object Injection | |
Weaknesses | CWE-502 | |
References |
| |
Metrics |
cvssV3_1
|
MITRE
Status: PUBLISHED
Assigner: Wordfence
Published: 2024-09-25T03:27:39.955Z
Updated: 2024-09-25T14:10:27.990Z
Reserved: 2024-09-06T14:01:41.443Z
Link: CVE-2024-8514
Vulnrichment
Updated: 2024-09-25T14:09:57.176Z
NVD
Status : Analyzed
Published: 2024-09-25T04:15:04.563
Modified: 2024-10-02T19:59:17.080
Link: CVE-2024-8514
Redhat
No data.