cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,exploited_date,poc,trended,trended_no_1,trended_no_1_date,published,trended_score
CVE-2024-5649,https://securityvulnerability.io/vulnerability/CVE-2024-5649,Universal Slider Vulnerable to PHP Object Injection in WordPress,"The Universal Slider plugin for WordPress, up to and including version 1.6.5, is vulnerable to PHP Object Injection due to the deserialization of untrusted input through the 'fsl_get_gallery_value' function. This vulnerability allows authenticated users with Contributor-level access and higher to potentially inject PHP objects. Although no known proof of concept (POP) chain exists within the vulnerable software itself, if an additional plugin or theme included in the target system provides a POP chain, the attacker could exploit this vulnerability to delete arbitrary files, retrieve sensitive information, or execute malicious code.",Wordpress,Universal Slider,8.8,HIGH,0.0005000000237487257,false,,false,false,false,,,false,false,,2024-06-19T03:12:31.577Z,0