Vulnerability in Seopress

CVE-2024-5488

The SEOPress WordPress plugin before 7.9 does not properly protect some of its REST API routes, which combined with another Object Injection vulnerability can allow unauthenticated attackers to unserialize malicious gadget chains, comprom…

EPSS: 0.719 (98.8th percentile)

Affected products

  • Unknown Seopress — versions 0

Frequently asked questions

What is CVE-2024-5488?
CVE-2024-5488 is a vulnerability in Seopress, classified under CWE-502 (Deserialization of Untrusted Data). Published 2024-07-09.
Is CVE-2024-5488 known to be exploited?
One public proof-of-concept repository is indexed. The CVE is not currently listed in the CISA KEV catalog.