cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,exploited_date,poc,trended,trended_no_1,trended_no_1_date,published,trended_score
CVE-2024-8922,https://securityvulnerability.io/vulnerability/CVE-2024-8922,WooCommerce Product Catalog Plugin Vulnerable to PHP Object Injection,"The WooCommerce Product Enquiry plugin for WordPress is susceptible to a PHP Object Injection vulnerability due to deserialization of untrusted input in the enquiry_detail.php file. This vulnerability impacts all versions up to and including 2.2.33.32. Authenticated attackers with Author-level access or higher can exploit this weakness by injecting a PHP Object. Although no known PHP Object Pollution (POP) chain exists in the vulnerable software, it poses risks if a POP chain is introduced through additional plugins or themes on the target site. Exploitation could enable attackers to delete arbitrary files, retrieve sensitive information, or execute malicious code, thereby compromising the security of WordPress installations.",Wordpress,"Product Enquiry For WooCommerce, WooCommerce Product Catalog",8.8,HIGH,0.0005000000237487257,false,,false,false,false,,,false,false,,2024-09-27T05:31:03.421Z,0