CNNVD-202512-3554 Information
CNNVD ID
CNNVD-202512-3554
Related CVE
- CNNVD Published: 2025-12-18
Description (Chinese)
Grav等都是(Grav)开源的产品。Grav是一套可扩展的用于个人博客、小型内容发布平台和单页产品展示的CMS(内容管理系统)。Gravity是一种用 C 编写的强大的、动态类型的、轻量级的、可嵌入的编程语言。Desk等都是个人开发者的产品。Desk是一款写作,博客和记笔记应用。WebSockets ws等都是(WebSockets)开源的产品。ws是一个 Node.js WebSocket 库。 WordPress plugin WP Gravity Forms FreshDesk Plugin 13.5及之前版本存在安全漏洞,该漏洞源于反序列化不可信数据,可能导致对象注入。
Description (English)
Grav and others are open-source products. Grav is an extended set of CMSs (content management systems) for personal blogs, small content distribution platforms and single-page product presentations. Gravity is a powerful, dynamic type, lightweight, embedded programming language written in C. Desk and others are products of individual developers. Desk is a writing, blog and notebook application. WebSockets ws are all open-source products. Ws is a Node.js WebSocket library. WordPresin WP Gravity Forms FreshDesk Plugin 13.5 and earlier versions had a security loophole, which stemmed from non-reliability of anti-sequencing data and could lead to the injection of objects.
Hazard Level
High
Vulnerability Type
其他
Affected Vendor
WordPress
Published
2025-12-18
Last Modified
2026-02-24
References
Patch
https://wordpress.org/plugins/gf-freshdesk/
Share on: