CVE-2024-9314

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2024-9314
The Rank Math SEO – AI SEO Tools to Dominate SEO Rankings plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.0.228 via deserialization of untrusted input 'set_redirections' function. This makes it possible for authenticated attackers, with Administrator-level access and above, to inject a PHP Object. No known POP chain is present in the vulnerable software. If a POP chain is present via an additional plugin or theme installed on the target system, it could allow the attacker to delete arbitrary files, retrieve sensitive data, or execute code.

7.2 /10

CVSS v3 : HIGH

V3 Legend

Vector :

Exploitability : 1.2 / Impact : 5.9

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required HIGH

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References
Link Resource
https://plugins.trac.wordpress.org/browser/seo-by-rank-math/trunk/includes/admin/class-import-export.php#L507
https://plugins.trac.wordpress.org/browser/seo-by-rank-math/trunk/includes/admin/class-import-export.php#L514
https://plugins.trac.wordpress.org/changeset/3161896/
https://www.wordfence.com/threat-intel/vulnerabilities/id/af5ed47e-f183-4e72-a916-15020e2bc91e?source=cve
Configurations

No configuration.

History

05 Oct 2024, 12:15

Type Values Removed Values Added
New CVE
Information

Published : 2024-10-05 12:15

Updated : 2024-10-07 17:48

NVD link : CVE-2024-9314

Mitre link : CVE-2024-9314

CVE.ORG link : CVE-2024-9314

JSON object : View

Products Affected

No product.

CWE
CWE-502

Deserialization of Untrusted Data


NetmanageIT Website NetmanageIT OSINT Web NetmanageIT OpenCTI NetmanageIT PDF Tools NetmanageIT CTO Corner Blog NetmanageIT Email Header Analyzer NetmanageIT Password Pusher NetmanageIT Internet Health and Latency Dashboard NetmanageIT Dedicated Speed Test Site NetmanageIT Ubuntu Mirror 10Gbps Copyright OpenCVE 2024