CVERadar

CVE-2024-1859

Medium Severity

Awplife

SVRS

30/100

CVSSv3

NA/10

EPSS

0.00711/1

CVE-2024-1859 is a PHP Object Injection vulnerability in the Slider Responsive Slideshow WordPress plugin, affecting versions up to 1.3.8. This flaw allows authenticated attackers with contributor-level access or higher to inject PHP Objects by deserializing untrusted input within the awl_slider_responsive_shortcode function. While the plugin itself lacks a known POP chain, the presence of a suitable POP chain in another installed plugin or theme could allow attackers to execute code, delete files, or steal sensitive information. The significance of this vulnerability lies in its potential to be chained with other vulnerabilities, leading to a more severe compromise. Although the CVSS score is 0, the associated SVRS of 30 indicates a potential risk, particularly in environments where other plugins or themes could complete a POP chain. Remediation should focus on mitigating deserialization risks and carefully auditing installed plugins for potential POP chains.

Indicators of Compromise

No IOCs found for this CVE

Exploits

No exploits found for this CVE

Enhance Your CVE Management with SOCRadar Vulnerability Intelligence

Get comprehensive CVE details, real-time notifications, and proactive threat management all in one platform.

CREATE FREE ACCOUNT

CVE Details

Access comprehensive CVE information instantly

Real-time Tracking

Subscribe to CVEs and get instant updates

Exploit Analysis

Monitor related APT groups and threats

IOC Tracking

Analyze and track CVE-related IOCs

News

CVE-2024-1859 | Slider Responsive Slideshow Plugin up to 1.3.8 on WordPress code injection

vuldb.com2025-03-12

CVE-2024-1859 | Slider Responsive Slideshow Plugin up to 1.3.8 on WordPress code injection | A vulnerability was found in Slider Responsive Slideshow Plugin up to 1.3.8 on WordPress. It has been declared as critical. Affected by this vulnerability is an unknown functionality. The manipulation leads to code injection. This vulnerability is known as CVE-2024-1859. The attack can only be done within the local network. There is no exploit

vuldb.com

rss

forum

news

Social Media

No tweets found for this CVE

Affected Software

Configuration 1

Type	Vendor	Product
App	Awplife	slider_responsive_slideshow

References

Reference	Link
[email protected]	https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3041884%40slider-responsive-slideshow&new=3041884%40slider-responsive-slideshow&sfp_email=&sfph_mail=
[email protected]	https://www.wordfence.com/threat-intel/vulnerabilities/id/d35266cd-41e6-4358-afaa-bc008962f2e1?source=cve
AF854A3A-2127-422B-91AE-364DA2661108	https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3041884%40slider-responsive-slideshow&new=3041884%40slider-responsive-slideshow&sfp_email=&sfph_mail=
AF854A3A-2127-422B-91AE-364DA2661108	https://www.wordfence.com/threat-intel/vulnerabilities/id/d35266cd-41e6-4358-afaa-bc008962f2e1?source=cve
[email protected]	https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3041884%40slider-responsive-slideshow&new=3041884%40slider-responsive-slideshow&sfp_email=&sfph_mail=
[email protected]	https://www.wordfence.com/threat-intel/vulnerabilities/id/d35266cd-41e6-4358-afaa-bc008962f2e1?source=cve

CWE Details

CWE ID	CWE Name	Description
CWE-502	Deserialization of Untrusted Data	The application deserializes untrusted data without sufficiently verifying that the resulting data will be valid.

CVE Radar

Real-time CVE Intelligence & Vulnerability Management Platform

CVE Radar provides comprehensive vulnerability intelligence by monitoring CVE databases, security advisories, and threat feeds. Get instant updates on new vulnerabilities, exploit details, and mitigation strategies specific to your assets.

Get Free Vulnerability Intelligence AccessAccess real-time CVE monitoring, exploit analysis, and threat intelligence