CVE-2024-37099
CRITICAL EXPLOITEDGivewp < 3.14.2 - Insecure Deserialization
Title source: ruleDescription
Deserialization of Untrusted Data vulnerability in Liquid Web GiveWP allows Object Injection.This issue affects GiveWP: from n/a through 3.14.1.
Scores
CVSS v3
10.0
EPSS
0.0019
EPSS Percentile
40.2%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
Exploitation Intel
VulnCheck KEV
2024-08-09
Classification
CWE
CWE-502
Status
published
Affected Products (1)
givewp/givewp
< 3.14.2
Timeline
Published
Aug 19, 2024
Tracked Since
Feb 18, 2026