Deserialization in Jottlieb Last Viewed Posts By Wpbeginner
CVE-2024-3070
The Last Viewed Posts by WPBeginner plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.0.0 via deserialization of untrusted input from the LastViewedPosts Cookie. This makes it possible for u…
Vulnerability class: Insecure Deserialization
EPSS: 0.012 (63.1th percentile)
CVSS v3 metric
CVSS v3 base score 9.8 (Critical). Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H.
Affected products
- Jottlieb Last Viewed Posts By Wpbeginner — versions 0
Frequently asked questions
- What is CVE-2024-3070?
  - CVE-2024-3070 is a critical-severity vulnerability in Jottlieb Last Viewed Posts By Wpbeginner, classified under Deserialization of Untrusted Data. CVSS score: 9.8/10. Published 2024-05-14.
- How severe is CVE-2024-3070?
  - Critical severity. CVSS v3 base score is 9.8 out of 10.
- Is CVE-2024-3070 known to be exploited?
  - 1 public proof-of-concept repository is indexed. Not currently listed in the CISA KEV catalog.