CVE-2024-56059
Published: 18 December 2024
Summary
CVE-2024-56059 is a critical-severity Prototype Pollution (CWE-1321) vulnerability. Its CVSS base score is 9.8 (Critical).
Operationally, it ranks in the top 3.0% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog.
Deeper analysis
The vulnerability is a Prototype Pollution flaw, tracked as CWE-1321, that permits improperly controlled modification of object prototype attributes and results in object injection. It affects the farinspace Partners WordPress plugin in all versions through 0.2.0. The issue carries a CVSS 3.1 score of 9.8, reflecting network-accessible attack conditions with no required authentication or user interaction.
An unauthenticated remote attacker can supply crafted input that pollutes JavaScript or PHP object prototypes, enabling object injection. Successful exploitation can lead to full compromise of confidentiality, integrity, and availability on the affected WordPress site.
The sole referenced advisory on Patchstack describes the flaw as a PHP object injection vulnerability in the Partners plugin version 0.2.0 and directs administrators to apply the vendor-supplied update that resolves the issue. The EPSS score has reached a peak of 0.3461 with a current value of 0.3235, indicating sustained exploitation interest following disclosure.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2024-52957
Vulnerability details
Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution') vulnerability in farinspace Partners partners allows Object Injection. This issue affects Partners: from n/a through <= 0.2.0.
Related Threats
No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.
Mitigating Controls
No mitigating controls mapped yet. The per-CVE control annotator has not reached this CVE.