December 2, 2024
Severity
High
Analysis Summary
CVE-2024-52449 CVSS:7.5
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Navneil Naicer Bootscraper allows PHP Local File Inclusion. This issue affects Bootscraper: from n/a through 2.1.0.
CVE-2024-52439 CVSS:9.8
Deserialization of Untrusted Data vulnerability in Mark O’Donnell Team Rosters allows Object Injection. This issue affects Team Rosters: from n/a through 4.6.
CVE-2024-52440 CVSS:9.8
Deserialization of Untrusted Data vulnerability in Bueno Labs Pvt. Ltd. Xpresslane Fast Checkout allows Object Injection. This issue affects Xpresslane Fast Checkout: from n/a through 1.0.0.
CVE-2024-52443 CVSS:9.8
Deserialization of Untrusted Data vulnerability in Nerijus Masikonis Geolocator allows Object Injection. This issue affects Geolocator: from n/a through 1.1.
Impact
- Gain Access
Indicators of Compromise
CVE
- CVE-2024-52449
- CVE-2024-52439
- CVE-2024-52440
- CVE-2024-52443
Affected Vendors
Affected Products
- Navneil Naicer Bootscraper - n/a
- Rosters Plugin = 4.6
- Xpresslane Fast Checkout Plugin = 1.0.0
- Geolocator Plugin = 1.1
Remediation
Upgrade to the latest version, available from the WordPress Plugin Directory.