CVE-2024-37099
Published 2024-08-19
CVE-2024-37099: Deserialization of Untrusted Data vulnerability in Liquid Web GiveWP allows Object Injection. This issue affects GiveWP: from n/a through 3.14.1.
Priority P179 · critical · 9.8 CVSS 3.1
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
ITW · VulnCheck KEV · Exploited in the wild
EPSS: 0.56% (42.2th percentile)
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| givewp | givewp | < 3.14.2 | 3.14.2 |
| liquid_web | givewp | n/a – 3.14.1 | — |
CVSS provenance
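| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 9.8 | CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
| vulncheck | — | 10.0 | CRITICAL | — |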
GHSA
GHSA-wgh2-2342-mm46: Deserialization of Untrusted Data vulnerability in Liquid Web GiveWP allows Object Injection
ghsa_unreviewed·2024-08-19
CVE-2024-37099 [CRITICAL] CWE-502 GHSA-wgh2-2342-mm46: Deserialization of Untrusted Data vulnerability in Liquid Web GiveWP allows Object Injection
VulnCheck
Liquid Web GiveWP Object Injection Vulnerability
vulncheck·2024·CVSS 10.0
CVE-2024-37099 [CRITICAL] Liquid Web GiveWP Object Injection Vulnerability
Affected: Liquid Web GiveWP
Required Action: Apply remediations or mitigations per vendor instructions or discontinue use of the product if remediation or mitigations are unavailable.
Exploitation References: https://patchstack.com/database/vulnerability/give/wordpress-givewp-plugin-3-14-1-unauthenticated-php-object-injection-vulnerability
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.