CVE-2024-49624

Deserialization of Untrusted Data vulnerability in smartdevth Advanced Advertising System advanced-advertising-system allows Object Injection.This issue affects Advanced Advertising System: from n/a through <= 1.3.1.

CVSS v3 9.8 CRITICAL

9.8^/10

CVSS v3 : CRITICAL

V3 Legend

Vector :

Exploitability : 3.9 / Impact : 5.9

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://patchstack.com/database/Wordpress/Plugin/advanced-advertising-system/vulnerability/wordpress-advanced-advertising-system-plugin-1-3-1-php-object-injection-vulnerability?_s_id=cve

Configurations

Configuration 1 (hide)

cpe:2.3:a:smartdevth:advanced_advertising_system:*:*:*:*:*:wordpress:*:*

History

01 Apr 2026, 16:18

Type	Values Removed	Values Added
References	{'url': 'https://patchstack.com/database/vulnerability/advanced-advertising-system/wordpress-advanced-advertising-system-plugin-1-3-1-php-object-injection-vulnerability?_s_id=cve', 'tags': ['Third Party Advisory'], 'source': 'audit@patchstack.com'}	() https://patchstack.com/database/Wordpress/Plugin/advanced-advertising-system/vulnerability/wordpress-advanced-advertising-system-plugin-1-3-1-php-object-injection-vulnerability?_s_id=cve -
Summary	~~(en) Deserialization of Untrusted Data vulnerability in Smartdevth Advanced Advertising System allows Object Injection.This issue affects Advanced Advertising System: from n/a through 1.3.1.~~	(en) Deserialization of Untrusted Data vulnerability in smartdevth Advanced Advertising System advanced-advertising-system allows Object Injection.This issue affects Advanced Advertising System: from n/a through <= 1.3.1.

24 Oct 2024, 14:34

Type	Values Removed	Values Added
First Time		Smartdevth advanced Advertising System Smartdevth
CPE		cpe:2.3:a:smartdevth:advanced_advertising_system::::::wordpress::*
References	~~() https://patchstack.com/database/vulnerability/advanced-advertising-system/wordpress-advanced-advertising-system-plugin-1-3-1-php-object-injection-vulnerability?_s_id=cve -~~	() https://patchstack.com/database/vulnerability/advanced-advertising-system/wordpress-advanced-advertising-system-plugin-1-3-1-php-object-injection-vulnerability?_s_id=cve - Third Party Advisory

21 Oct 2024, 17:09

Type	Values Removed	Values Added
Summary		(es) La vulnerabilidad de deserialización de datos no confiables en Smartdevth Advanced Advertising System permite la inyección de objetos. Este problema afecta al sistema de publicidad avanzada: desde n/a hasta 1.3.1.

20 Oct 2024, 09:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2024-10-20 09:15

Updated : 2026-04-23 15:19

NVD link : CVE-2024-49624

Mitre link : CVE-2024-49624

CVE.ORG link : CVE-2024-49624

JSON object : View

Products Affected

smartdevth

advanced_advertising_system

CWE

CWE-502

Deserialization of Untrusted Data

9.8 /10