Template / PR Information

Added CVE-2024-8353 - GiveWP WordPress Plugin PHP Object Injection vulnerability template

/claim #13130

This template detects a critical PHP Object Injection vulnerability in the GiveWP plugin for WordPress (versions ≤ 3.16.1) via the ‘give_title’ and ‘card_address’ parameters. The vulnerability allows unauthenticated attackers to inject PHP objects, potentially leading to file deletion or code execution.

References:

• https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/multi/http/wp_givewp_rce.rb
• https://vulncheck.com/xdb/2d719a4f5a4d
• https://github.com/EQSTLab/CVE-2024-8353
• https://github.com/0xb0mb3r/CVE-2024-8353-PoC

Template Validation

I’ve validated this template locally?

• YES
• NO

Validation Details:

• Tested against GiveWP vulnerable version ≤ 3.16.1
• Template successfully detects the PHP Object Injection vulnerability
• Uses benign stdClass payload for safe detection
• Properly follows WordPress plugin vulnerability testing patterns
• Includes appropriate matchers to prevent false positives

Additional Details

CVSS Score: 9.8 (Critical) CWE: CWE-502 (Deserialization of Untrusted Data) Affected Versions: GiveWP ≤ 3.16.1 Fixed Version: GiveWP 3.16.2+

Template Features:

• Targets donation form processing endpoint
• Uses URL-encoded PHP object serialization payload
• Tests both give_title and card_address parameters
• Includes proper WordPress plugin metadata (CPE, vendor, product)
• Follows Nuclei template best practices for WordPress plugins

Vulnerability Description: The GiveWP plugin processes user input through donation forms without proper sanitization of serialized data. An attacker can inject malicious PHP objects via the ‘give_title’ parameter during donation processing, leading to PHP Object Injection. While no direct POP chain exists in the plugin itself, WordPress core contains gadget chains that can be exploited for remote code execution.

Template Structure:

• Single HTTP POST request to donation processing endpoint
• Includes realistic donation form data
• Uses benign object injection payload for detection
• Implements proper error handling and negative matching
• Follows WordPress plugin detection patterns

Testing Commands:

# Basic template validation
nuclei -t http/cves/2024/CVE-2024-8353.yaml -validate

# Test against vulnerable target
nuclei -t http/cves/2024/CVE-2024-8353.yaml -u http://target-url -v

# Debug mode for detailed output
nuclei -t http/cves/2024/CVE-2024-8353.yaml -u http://target-url -debug

# Test with specific form URL
nuclei -t http/cves/2024/CVE-2024-8353.yaml -u "http://target-url/?post_type=give_forms&p=9" -v

Expected Results:

• Vulnerable GiveWP ≤ 3.16.1: [CVE-2024-8353] [http] [critical] http://target-url
• Patched GiveWP 3.16.2+: No matches
• Non-GiveWP sites: No matches

Payload Details:

• Uses benign stdClass object: O:8:"stdClass":1:{s:4:"test";s:4:"test";}
• Targets give_title and card_address parameters
• URL-encoded for proper transmission

Additional References:

• Nuclei Template Creation Guideline
• Nuclei Template Matcher Guideline
• Nuclei Template Contribution Guideline
• PD-Community Discord server

Files

• CVE-2024-8353.debug
• WP Give 3.16.0
• Docker WP