PT-2024-17540 · WordPress · Print Science Designer

Brian Sans-Souci (+1) · Published 2024-12-12 · Updated 2024-12-12 · CVE-2024-12312

CVSS v3.1: 8.1 (High)
Vector: AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions: Print Science Designer plugin for WordPress, versions up to and including 1.3.152
Description: The Print Science Designer plugin for WordPress contains a PHP Object Injection vulnerability. It arises from the deserialization of untrusted input supplied in the designer-saved-projects cookie, which allows unauthenticated attackers to inject a PHP object. No POP chain is known to exist in the vulnerable software itself; however, if a POP chain is present through an additional plugin or theme installed on the target system, it could enable the attacker to delete arbitrary files, retrieve sensitive data, or execute code.
Recommendations: For versions up to and including 1.3.152, update to a version later than 1.3.152 to resolve the issue. As a temporary workaround, consider restricting access to the designer-saved-projects cookie to minimize the risk of exploitation.
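The pattern the advisory describes, shown as an added illustration rather than the plugin's own code: a handler that calls unserialize() on the designer-saved-projects cookie, beside two hardened replacements. The function names, the cookie layout (a list of integer project IDs) and the sample inputs are assumptions made for this example; only the cookie name comes from the advisory. The hardened versions treat the cookie as plain data: JSON cannot instantiate objects, and where the legacy serialize() format must still be read, `allowed_classes => false` turns any smuggled object into `__PHP_Incomplete_Class`, which the code then rejects.

```php
<?php
// Added example, not code from the Print Science Designer plugin.
// Cookie layout (a list of integer project IDs) is an assumption.

// UNSAFE: deserializes attacker-controlled cookie data. Any class with
// magic methods (__wakeup, __destruct, ...) loaded by WordPress, the theme
// or another plugin becomes reachable; that is the "POP chain" the
// advisory refers to, even when the plugin itself contains none.
function load_saved_projects_unsafe(): array {
    if (!isset($_COOKIE['designer-saved-projects'])) {
        return [];
    }
    $data = unserialize($_COOKIE['designer-saved-projects']);
    return is_array($data) ? $data : [];
}

// HARDENED: JSON instead of PHP serialization. json_decode() never creates
// objects when decoding to associative arrays, and the result is validated
// against the only shape we expect (non-negative integer IDs).
function load_saved_projects_safe(string $cookie_value): array {
    $decoded = json_decode($cookie_value, true, 4, JSON_INVALID_UTF8_SUBSTITUTE);
    if (!is_array($decoded)) {
        return [];
    }
    $projects = [];
    foreach ($decoded as $id) {
        if (is_int($id) && $id >= 0) {
            $projects[] = $id;
        }
    }
    return $projects;
}

// TRANSITIONAL: if cookies written in the old serialize() format must be
// read during a migration window, forbid object instantiation outright.
// Any object in the payload becomes __PHP_Incomplete_Class (no constructor,
// no __wakeup, no __destruct of the original class runs) and is rejected.
// is_object() reports true for __PHP_Incomplete_Class since PHP 7.2.
function load_legacy_projects(string $cookie_value): array {
    $data = @unserialize($cookie_value, ['allowed_classes' => false]);
    if (!is_array($data)) {
        return [];
    }
    foreach ($data as $item) {
        if (is_object($item)) {
            return [];   // serialized object present: discard the whole cookie
        }
    }
    return array_values(array_filter($data, 'is_int'));
}

// Constructed sample inputs for a local check (not real cookie captures).
$good_json  = '[3, 17, 42]';
$legacy_ok  = serialize([3, 17, 42]);
$legacy_obj = 'a:1:{i:0;O:8:"stdClass":0:{}}';   // harmless object inside the array

var_dump(load_saved_projects_safe($good_json));  // [3, 17, 42]
var_dump(load_legacy_projects($legacy_ok));      // [3, 17, 42]
var_dump(load_legacy_projects($legacy_obj));     // [] (object rejected)
```

Run it with `php example.php`. The transitional reader is only a stop-gap: `allowed_classes => false` prevents the injected object from acquiring its class behaviour, but unserialize() still parses attacker-controlled structure, so the JSON path is the one to keep once old cookies have aged out.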

Fix

Weakness Enumeration: Deserialization of Untrusted Data

Related Identifiers: CVE-2024-12312

Affected Products: Print Science Designer