How severe is CVE-2024-1773?

This vulnerability has a severity rating of HIGH with a CVSS score of 8.8 out of 10.

What type of vulnerability is CVE-2024-1773?

This is classified as CWE-74, which is a common weakness in software security.

CVE-2024-1773 - HIGH Severity | CVSS 8.8

Vulnerability Description

The PDF Invoices and Packing Slips For WooCommerce plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.3.7 via deserialization of untrusted input via the order_id parameter. This makes it possible for authenticated attackers, with subscriber-level access and above, to inject a PHP Object. No known POP chain is present in the vulnerable plugin. If a POP chain is present via an additional plugin or theme installed on the target system, it could allow the attacker to delete arbitrary files, retrieve sensitive data, or execute code.

Related Vulnerabilities

CVE-2012-1496

HIGH

CVSS:8.8(High)

Local file inclusion in WebCalendar before 1.2.5.

CWE-742012

CVE-2013-3628

HIGH

CVSS:8.8(High)

Zabbix 2.0.9 has an Arbitrary Command Execution Vulnerability

CWE-742013

CVE-2014-5083

HIGH

CVSS:8.8(High)

A Command Execution vulnerability exists in Sphider before 1.3.6 due to insufficient sanitization of fwrite to conf.php, which could let a remote malicious user execute arbitrary code. CVE-2014-5083 p...

CWE-742014

CVE-2014-5084

HIGH

CVSS:8.8(High)

A Command Execution vulnerability exists in Sphider Pro 3.2 due to insufficient sanitization of fwrite, which could let a remote malicious user execute arbitrary code. CVE-2014-5084 pertains to instan...

CWE-742014

CVE-2014-5085

HIGH

CVSS:8.8(High)

A Command Execution vulnerability exists in Sphider Plus 3.2 due to insufficient sanitization of fwrite to conf.php, which could let a remote malicious user execute arbitrary code. CVE-2014-5085 perta...

CWE-742014

CVE-2014-5086

HIGH

CVSS:8.8(High)

A Command Execution vulnerability exists in Sphider Pro, and Sphider Plus 3.2 due to insufficient sanitization of fwrite to conf.php, which could let a remote malicious user execute arbitrary code. CV...

CWE-742014