{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-04-18T15:28:25.210","vulnerabilities":[{"cve":{"id":"CVE-2024-3020","sourceIdentifier":"security@wordfence.com","published":"2024-04-10T05:15:50.200","lastModified":"2026-04-15T00:35:42.020","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"The plugin is vulnerable to PHP Object Injection in versions up to and including, 2.6.3 via deserialization of untrusted input in the import function via the 'shortcode' parameter. This allows authenticated attackers, with administrator-level access to inject a PHP Object. If a POP chain is present via an additional plugin or theme installed on the target system, it could allow the attacker to delete arbitrary files, retrieve sensitive data, or execute code."},{"lang":"es","value":"El complemento es vulnerable a la inyección de objetos PHP en versiones hasta la 2.6.3 incluida mediante la deserialización de entradas que no son de confianza en la función de importación a través del parámetro 'shortcode'. Esto permite a atacantes autenticados, con acceso a nivel de administrador, inyectar un objeto PHP. Si hay una cadena POP presente a través de un complemento o tema adicional instalado en el sistema de destino, podría permitir al atacante eliminar archivos arbitrarios, recuperar datos confidenciales o ejecutar código."}],"metrics":{"cvssMetricV31":[{"source":"security@wordfence.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H","baseScore":7.2,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"HIGH","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.2,"impactScore":5.9}]},"weaknesses":[{"source":"security@wordfence.com","type":"Primary","description":[{"lang":"en","value":"CWE-502"}]}],"references":[{"url":"https://plugins.trac.wordpress.org/changeset/3065296/wp-carousel-free/trunk/includes/class-wp-carousel-free-import-export.php","source":"security@wordfence.com"},{"url":"https://www.wordfence.com/threat-intel/vulnerabilities/id/d66df15e-1a0a-49e9-bcf9-67091499b24e?source=cve","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/changeset/3065296/wp-carousel-free/trunk/includes/class-wp-carousel-free-import-export.php","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://www.wordfence.com/threat-intel/vulnerabilities/id/d66df15e-1a0a-49e9-bcf9-67091499b24e?source=cve","source":"af854a3a-2127-422b-91ae-364da2661108"}]}}]}