Rewterz

Multiple WordPress Plugins Vulnerabilities

Severity

High

Analysis Summary

CVE-2024-52449 (CVSS 7.5)

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Navneil Naicer Bootscraper allows PHP Local File Inclusion. This issue affects Bootscraper: from n/a through 2.1.0.

CVE-2024-52439 (CVSS 9.8)

Deserialization of Untrusted Data vulnerability in Mark O’Donnell Team Rosters allows Object Injection. This issue affects Team Rosters: from n/a through 4.6.

CVE-2024-52440 (CVSS 9.8)

Deserialization of Untrusted Data vulnerability in Bueno Labs Pvt. Ltd. Xpresslane Fast Checkout allows Object Injection. This issue affects Xpresslane Fast Checkout: from n/a through 1.0.0.

CVE-2024-52443 (CVSS 9.8)

Deserialization of Untrusted Data vulnerability in Nerijus Masikonis Geolocator allows Object Injection. This issue affects Geolocator: from n/a through 1.1.

In each entry, a range of "n/a through X" means every release up to and including version X; no lower bound is known to be safe.
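The two weakness classes named above (CWE-22 leading to PHP Local File Inclusion, and CWE-502 leading to PHP object injection) have a recognisable shape in plugin code. The following PHP is an added illustration for this advisory and is not code from Bootscraper, Team Rosters, Xpresslane Fast Checkout or Geolocator; the function names, the `TempFileCleaner` gadget class, the paths and the serialized payload are all invented for the demo. It shows the vulnerable pattern beside a hardened counterpart for each class and assumes PHP 8 or later.

```php
<?php
declare(strict_types=1);
// Added example for this advisory (PHP 8+), illustrating the two weakness classes the
// CVE titles name. NOT code from any plugin listed in the advisory; every function,
// class, path and payload below is invented for the demo.

// ---------- CWE-22: request-controlled path reaching include() (PHP LFI) ----------

// Vulnerable shape: the caller's string is concatenated into the include path, so
// "../../../../wp-config.php" (or a path to an uploaded file) escapes the directory.
function template_path_vulnerable(string $baseDir, string $name): string
{
    return $baseDir . '/' . $name;            // a plugin would then: include $path;
}

// Hardened shape: the caller may only choose a key from a fixed allow-list; the bytes it
// sent never become part of a filesystem path.
const TEMPLATES = ['card' => 'card.php', 'list' => 'list.php'];

function template_path_hardened(string $baseDir, string $name): ?string
{
    if (!array_key_exists($name, TEMPLATES)) {
        return null;                           // in a plugin: log and wp_die()
    }
    return $baseDir . '/' . TEMPLATES[$name];
}

// ---------- CWE-502: unserialize() on untrusted bytes (PHP object injection) ----------

// A "gadget": any loaded class whose magic method acts on its own properties. The demo
// only prints what it would do; real gadgets unlink files, write files or reach eval().
final class TempFileCleaner
{
    public string $path = '';
    public bool $cleanup = false;

    public function __destruct()
    {
        if ($this->cleanup) {
            echo "[gadget] __destruct would unlink {$this->path}\n";
        }
    }
}

// Vulnerable shape: cookie/POST/option bytes go straight into unserialize(), so the
// attacker picks the class and every property value.
function restore_state_vulnerable(string $blob): mixed
{
    return unserialize($blob);
}

// Hardened shape: refuse to instantiate classes. Every O: token becomes a
// __PHP_Incomplete_Class stub, so no __wakeup/__destruct/__toString of a real class runs.
function restore_state_hardened(string $blob): mixed
{
    return unserialize($blob, ['allowed_classes' => false]);
}

// Better still for new code: carry untrusted state as JSON, which cannot name a class.
function restore_state_json(string $blob): ?array
{
    $data = json_decode($blob, true, 16, JSON_THROW_ON_ERROR);
    return is_array($data) ? $data : null;
}

// ---------- Demo on constructed input ----------
$base = '/srv/wp/wp-content/plugins/demo/templates';
echo template_path_vulnerable($base, '../../../../wp-config.php'), "\n"; // escapes $base
var_dump(template_path_hardened($base, '../../../../wp-config.php'));     // NULL
echo template_path_hardened($base, 'card'), "\n";                         // .../templates/card.php

// Constructed attacker payload: a serialized TempFileCleaner with attacker-chosen properties.
$payload = 'O:15:"TempFileCleaner":2:{s:4:"path";s:21:"/srv/wp/wp-config.php";s:7:"cleanup";b:1;}';

$obj = restore_state_vulnerable($payload);
echo get_class($obj), "\n";      // TempFileCleaner: the attacker chose the class
unset($obj);                     // __destruct fires: "[gadget] __destruct would unlink ..."

$stub = restore_state_hardened($payload);
echo get_class($stub), "\n";     // __PHP_Incomplete_Class: nothing fires on unset($stub)

var_dump(restore_state_json('{"path":"x","cleanup":true}'));
```

The point of the `allowed_classes => false` option is that the gadget does not have to live in the vulnerable plugin: any class loaded by WordPress core, a theme or another plugin is reachable once attacker bytes hit `unserialize()`, which is why a deserialization sink scores 9.8 even when the plugin itself contains no dangerous class.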

Impact

  • Gain Access (local file inclusion via path traversal; PHP object injection, which can lead to arbitrary code execution when a suitable gadget chain is loaded on the site)

Indicators of Compromise

CVE

  • CVE-2024-52449
  • CVE-2024-52439
  • CVE-2024-52440
  • CVE-2024-52443

Affected Vendors

WordPress

Affected Products

  • Bootscraper (Navneil Naicer) <= 2.1.0
  • Team Rosters (Mark O’Donnell) <= 4.6
  • Xpresslane Fast Checkout (Bueno Labs Pvt. Ltd.) <= 1.0.0
  • Geolocator (Nerijus Masikonis) <= 1.1

Remediation

Upgrade each affected plugin to the latest version, available from the WordPress Plugin Directory. Check the installed version against the ranges above first; any site still running a version inside those ranges should treat the plugin as exploitable until it is updated or removed.
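A quick way to tell whether a site is inside the affected ranges is to read each plugin's header block and compare its version with the "through" bound from the Analysis Summary. The script below is an added audit helper for this advisory, not Rewterz's, WordPress's or any plugin's code. It assumes the standard WordPress plugin header format ("Plugin Name:" and "Version:" at the top of the plugin's main file), assumes that the `Plugin Name` header matches the product name used in this advisory (an assumption; a plugin's header name can differ from its directory name), and uses the advisory's bounds as the upper limit of the affected range.

```php
<?php
declare(strict_types=1);
// Added audit helper for this advisory; not Rewterz's, WordPress's or any plugin's code.
// Assumes the standard WordPress plugin header block and that the "Plugin Name:" header
// matches the names used in the advisory (assumption). Bounds come from the advisory.

const AFFECTED = [
    'Bootscraper'              => ['cve' => 'CVE-2024-52449', 'through' => '2.1.0'],
    'Team Rosters'             => ['cve' => 'CVE-2024-52439', 'through' => '4.6'],
    'Xpresslane Fast Checkout' => ['cve' => 'CVE-2024-52440', 'through' => '1.0.0'],
    'Geolocator'               => ['cve' => 'CVE-2024-52443', 'through' => '1.1'],
];

// Pull one header field out of a plugin file's leading comment, the way WordPress's own
// header parser does: the field name at line start, optionally behind comment markers.
function plugin_header_field(string $source, string $field): ?string
{
    $pattern = '/^[ \t\/*#@]*' . preg_quote($field, '/') . ':[ \t]*(.+?)[ \t]*$/mi';
    return preg_match($pattern, $source, $m) === 1 ? trim($m[1]) : null;
}

// Returns the matching CVE id when the plugin is inside an affected range, otherwise null.
// "from n/a through X" in the advisory means every release up to and including X.
function affected_cve(string $source): ?string
{
    $name    = plugin_header_field($source, 'Plugin Name');
    $version = plugin_header_field($source, 'Version');
    if ($name === null || $version === null || !isset(AFFECTED[$name])) {
        return null;
    }
    return version_compare($version, AFFECTED[$name]['through'], '<=')
        ? AFFECTED[$name]['cve']
        : null;
}

// Scan a wp-content/plugins tree: a plugin's main file is the top-level .php that carries
// a Plugin Name header. Returns [ "dir/file.php" => "CVE-..." ] for every hit.
function scan_plugins_dir(string $pluginsDir): array
{
    $hits = [];
    foreach (glob($pluginsDir . '/*/*.php') ?: [] as $file) {
        $head = (string) file_get_contents($file, false, null, 0, 8192); // WP reads 8 KB
        if (($cve = affected_cve($head)) !== null) {
            $hits[substr($file, strlen($pluginsDir) + 1)] = $cve;
        }
    }
    return $hits;
}

// Demo on constructed header blocks (no filesystem needed).
$inRange = <<<'PHP'
<?php
/**
 * Plugin Name: Team Rosters
 * Version: 4.6
 */
PHP;
$outOfRange = <<<'PHP'
<?php
/*
Plugin Name: Geolocator
Version: 1.2
*/
PHP;

var_dump(affected_cve($inRange));    // string(14) "CVE-2024-52439": 4.6 is inside "n/a through 4.6"
var_dump(affected_cve($outOfRange)); // NULL: 1.2 is outside the advisory's "n/a through 1.1" range
// On a live site: print_r(scan_plugins_dir('/var/www/html/wp-content/plugins'));
```

`version_compare()` is used rather than a string comparison so that a header of `2.1` and one of `2.1.0` are treated as the same release; a plain string check would misclassify one of them.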

References

  • CVE-2024-52449
  • CVE-2024-52439
  • CVE-2024-52440
  • CVE-2024-52443