0.001 Low
EPSS
Percentile
42.0%
Authenticated Phar Deserialization vulnerability discovered by Dennis Brinkrolf (SonarSource) in WordPress CiviCRM plugin (versions <= 5.24.2).
Update the WordPress CiviCRM plugin to the latest available version (at least 5.24.3).
blog.sonarsource.com/civicrm-code-execution-vulnerability-chain-explained/
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-36388
github.com/civicrm/civicrm-core/blob/master/release-notes.md