CVE-2024-24796

Deserialization of Untrusted Data vulnerability in MagePeople Team Event Manager and Tickets Selling Plugin for WooCommerce – WpEvently – WordPress Plugin.This issue affects Event Manager and Tickets Selling Plugin for WooCommerce – WpEvently – WordPress Plugin: from n/a through 4.1.1.

CVSS v3 8.2 HIGH

8.2^/10

CVSS v3 : HIGH

Vector :

Exploitability : 1.8 / Impact : 5.8

Attack Vector NETWORK

Attack Complexity HIGH

Privileges Required LOW

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact NONE

Scope CHANGED

References

Link	Resource
https://patchstack.com/database/vulnerability/mage-eventpress/wordpress-wpevently-plugin-4-1-1-php-object-injection-vulnerability?_s_id=cve	Third Party Advisory
https://patchstack.com/database/vulnerability/mage-eventpress/wordpress-wpevently-plugin-4-1-1-php-object-injection-vulnerability?_s_id=cve	Third Party Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:a:mage-people:event_manager_and_tickets_selling_for_woocommerce:*:*:*:*:*:wordpress:*:*

History

No history.

Information

Published : 2024-02-12 08:15

Updated : 2024-11-21 08:59

NVD link : CVE-2024-24796

Mitre link : CVE-2024-24796

CVE.ORG link : CVE-2024-24796

JSON object : View

Products Affected

mage-people

event_manager_and_tickets_selling_for_woocommerce

CWE

CWE-502

Deserialization of Untrusted Data

{"id": "CVE-2024-24796", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "audit@patchstack.com", "cvssData": {"scope": "CHANGED", "version": "3.1", "baseScore": 8.2, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:N", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 5.8, "exploitabilityScore": 1.8}, {"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 8.8, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 2.8}]}, "published": "2024-02-12T08:15:40.810", "references": [{"url": "https://patchstack.com/database/vulnerability/mage-eventpress/wordpress-wpevently-plugin-4-1-1-php-object-injection-vulnerability?_s_id=cve", "tags": ["Third Party Advisory"], "source": "audit@patchstack.com"}, {"url": "https://patchstack.com/database/vulnerability/mage-eventpress/wordpress-wpevently-plugin-4-1-1-php-object-injection-vulnerability?_s_id=cve", "tags": ["Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Secondary", "source": "audit@patchstack.com", "description": [{"lang": "en", "value": "CWE-502"}]}], "descriptions": [{"lang": "en", "value": "Deserialization of Untrusted Data vulnerability in MagePeople Team Event Manager and Tickets Selling Plugin for WooCommerce \u2013 WpEvently \u2013 WordPress Plugin.This issue affects Event Manager and Tickets Selling Plugin for WooCommerce \u2013 WpEvently \u2013 WordPress Plugin: from n/a through 4.1.1.\n\n"}, {"lang": "es", "value": "Vulnerabilidad de deserializaci\u00f3n de datos no confiables en MagePeople Team Event Manager and Tickets Selling Plugin for WooCommerce \u2013 WpEvently \u2013 WordPress Plugin. Este problema afecta a Event Manager and Tickets Selling Plugin for WooCommerce \u2013 WpEvently \u2013 WordPress Plugin: desde n/a hasta 4.1.1."}], "lastModified": "2024-11-21T08:59:43.837", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:mage-people:event_manager_and_tickets_selling_for_woocommerce:*:*:*:*:*:wordpress:*:*", "vulnerable": true, "matchCriteriaId": "ACFF3A4A-0AD3-40AE-B915-EA9DC7EAD175", "versionEndExcluding": "4.1.2"}], "operator": "OR"}]}], "sourceIdentifier": "audit@patchstack.com"}