CVE-2024-43242

Deserialization of Untrusted Data vulnerability in azzaroco Ultimate Membership Pro allows Object Injection.This issue affects Ultimate Membership Pro: from n/a through 12.6.

CVSS v3 10.0 CRITICAL

10.0^/10

CVSS v3 : CRITICAL

V3 Legend

Vector :

Exploitability : 3.9 / Impact : 6.0

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope CHANGED

References

Link	Resource
https://patchstack.com/database/vulnerability/indeed-membership-pro/wordpress-indeed-ultimate-membership-pro-plugin-12-6-unauthenticated-php-object-injection-vulnerability?_s_id=cve	Third Party Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:a:wpindeed:ultimate_membership_pro:*:*:*:*:*:wordpress:*:*

History

06 Sep 2024, 16:57

Type	Values Removed	Values Added
References	~~() https://patchstack.com/database/vulnerability/indeed-membership-pro/wordpress-indeed-ultimate-membership-pro-plugin-12-6-unauthenticated-php-object-injection-vulnerability?_s_id=cve -~~	() https://patchstack.com/database/vulnerability/indeed-membership-pro/wordpress-indeed-ultimate-membership-pro-plugin-12-6-unauthenticated-php-object-injection-vulnerability?_s_id=cve - Third Party Advisory
CVSS	v2 : ~~unknown~~ v3 : ~~9.0~~	v2 : unknown v3 : 10.0
Summary		(es) La deserialización de la vulnerabilidad de datos no confiables en azzaroco Ultimate Membership Pro permite la inyección de objetos. Este problema afecta a Ultimate Membership Pro: desde n/a hasta 12.6.
First Time		Wpindeed ultimate Membership Pro Wpindeed
CPE		cpe:2.3:a:wpindeed:ultimate_membership_pro::::::wordpress::*

19 Aug 2024, 18:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2024-08-19 18:15

Updated : 2024-09-06 16:57

NVD link : CVE-2024-43242

Mitre link : CVE-2024-43242

CVE.ORG link : CVE-2024-43242

JSON object : View

Products Affected

wpindeed

ultimate_membership_pro

CWE

CWE-502

Deserialization of Untrusted Data

10.0 /10