/

CVE-2024-2008 Report - Details, Severity, & Advisories

CVE-2024-2008 Report - Details, Severity, & Advisories

Twingate Team

May 30, 2024

What is CVE-2024-2008?

CVE-2024-2008 is a high-severity vulnerability affecting the Modal Popup Box – Popup Builder, Show Offers And News in Popup plugin for WordPress. This PHP Object Injection vulnerability impacts all versions up to and including 1.5.2, and allows authenticated attackers with contributor-level access and above to inject a PHP Object.

Who is impacted by CVE-2024-2008?

All versions up to and including 1.5.2 are impacted by this issue. This vulnerability allows authenticated attackers with contributor-level access or higher to inject a PHP Object, which could lead to potential file deletion, data retrieval, or code execution on affected WordPress systems.

What to do if CVE-2024-2008 affected you

If you're affected by the CVE-2024-2008 vulnerability, it's important to take action to secure your WordPress site. Check if your site uses the Modal Popup Box – Popup Builder plugin, and if the installed version is 1.5.2 or lower.Update the plugin to version 1.5.3 or a newer patched version to fix the vulnerability. Regularly update all plugins and themes on your WordPress site to ensure you have the latest security patches.

Is this in CISA’s Known Exploited Vulnerabilities Catalog?

The high-severity vulnerability CVE-2024-2008 is not listed in CISA's Known Exploited Vulnerabilities Catalog. This vulnerability affects the Modal Popup Box – Popup Builder plugin for WordPress, allowing authenticated attackers with contributor-level access to inject a PHP Object. To mitigate the risk, update the plugin to version 1.5.3 or a newer patched version.

Weakness Enumeration

The weakness enumeration for this vulnerability is categorized as CWE-787, an out-of-bounds write issue in the WebP Codec of the libwebp library, affecting various projects like Chrome and Firefox.

Learn More

For a comprehensive understanding of this vulnerability, including its description, severity, technical details, and known affected software configurations, refer to the NVD page or the sources listed below.

Rapidly implement a modern Zero Trust network that is more secure and maintainable than VPNs.

/

CVE-2024-2008 Report - Details, Severity, & Advisories

CVE-2024-2008 Report - Details, Severity, & Advisories

Twingate Team

May 30, 2024

What is CVE-2024-2008?

CVE-2024-2008 is a high-severity vulnerability affecting the Modal Popup Box – Popup Builder, Show Offers And News in Popup plugin for WordPress. This PHP Object Injection vulnerability impacts all versions up to and including 1.5.2, and allows authenticated attackers with contributor-level access and above to inject a PHP Object.

Who is impacted by CVE-2024-2008?

All versions up to and including 1.5.2 are impacted by this issue. This vulnerability allows authenticated attackers with contributor-level access or higher to inject a PHP Object, which could lead to potential file deletion, data retrieval, or code execution on affected WordPress systems.

What to do if CVE-2024-2008 affected you

If you're affected by the CVE-2024-2008 vulnerability, it's important to take action to secure your WordPress site. Check if your site uses the Modal Popup Box – Popup Builder plugin, and if the installed version is 1.5.2 or lower.Update the plugin to version 1.5.3 or a newer patched version to fix the vulnerability. Regularly update all plugins and themes on your WordPress site to ensure you have the latest security patches.

Is this in CISA’s Known Exploited Vulnerabilities Catalog?

The high-severity vulnerability CVE-2024-2008 is not listed in CISA's Known Exploited Vulnerabilities Catalog. This vulnerability affects the Modal Popup Box – Popup Builder plugin for WordPress, allowing authenticated attackers with contributor-level access to inject a PHP Object. To mitigate the risk, update the plugin to version 1.5.3 or a newer patched version.

Weakness Enumeration

The weakness enumeration for this vulnerability is categorized as CWE-787, an out-of-bounds write issue in the WebP Codec of the libwebp library, affecting various projects like Chrome and Firefox.

Learn More

For a comprehensive understanding of this vulnerability, including its description, severity, technical details, and known affected software configurations, refer to the NVD page or the sources listed below.

Rapidly implement a modern Zero Trust network that is more secure and maintainable than VPNs.

CVE-2024-2008 Report - Details, Severity, & Advisories

Twingate Team

May 30, 2024

What is CVE-2024-2008?

CVE-2024-2008 is a high-severity vulnerability affecting the Modal Popup Box – Popup Builder, Show Offers And News in Popup plugin for WordPress. This PHP Object Injection vulnerability impacts all versions up to and including 1.5.2, and allows authenticated attackers with contributor-level access and above to inject a PHP Object.

Who is impacted by CVE-2024-2008?

All versions up to and including 1.5.2 are impacted by this issue. This vulnerability allows authenticated attackers with contributor-level access or higher to inject a PHP Object, which could lead to potential file deletion, data retrieval, or code execution on affected WordPress systems.

What to do if CVE-2024-2008 affected you

If you're affected by the CVE-2024-2008 vulnerability, it's important to take action to secure your WordPress site. Check if your site uses the Modal Popup Box – Popup Builder plugin, and if the installed version is 1.5.2 or lower.Update the plugin to version 1.5.3 or a newer patched version to fix the vulnerability. Regularly update all plugins and themes on your WordPress site to ensure you have the latest security patches.

Is this in CISA’s Known Exploited Vulnerabilities Catalog?

The high-severity vulnerability CVE-2024-2008 is not listed in CISA's Known Exploited Vulnerabilities Catalog. This vulnerability affects the Modal Popup Box – Popup Builder plugin for WordPress, allowing authenticated attackers with contributor-level access to inject a PHP Object. To mitigate the risk, update the plugin to version 1.5.3 or a newer patched version.

Weakness Enumeration

The weakness enumeration for this vulnerability is categorized as CWE-787, an out-of-bounds write issue in the WebP Codec of the libwebp library, affecting various projects like Chrome and Firefox.

Learn More

For a comprehensive understanding of this vulnerability, including its description, severity, technical details, and known affected software configurations, refer to the NVD page or the sources listed below.