CVE-2026-24385
Deserialization Object Injection in Podlove Web Player
Publication date: 2026-03-05
Last updated on: 2026-03-09
Assigner: Patchstack
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| podlove | podlove_web_player | to 5.9.1 (inc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-502 | The product deserializes untrusted data without sufficiently ensuring that the resulting data will be valid. |
Attack-Flow Graph
AI Powered Q&A
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?:
I don't know
Can you explain this vulnerability to me?
CVE-2026-24385 is a PHP Object Injection vulnerability in the Podlove Web Player WordPress plugin versions up to and including 5.9.1.
This vulnerability allows an attacker who has at least Contributor or Developer privileges to inject malicious PHP objects into the application.
Exploiting this flaw can lead to various attacks such as code injection, SQL injection, path traversal, denial of service, and other malicious actions if a suitable Property Oriented Programming (POP) chain is available.
The vulnerability falls under the OWASP Top 10 category A3: Injection.
How can this vulnerability impact me? :
If exploited, this vulnerability can allow attackers with Contributor or Developer privileges to perform unauthorized actions such as executing arbitrary code, manipulating the database via SQL injection, accessing or modifying files through path traversal, or causing denial of service.
These impacts can compromise the security, integrity, and availability of the affected system.
Users of the Podlove Web Player plugin versions 5.9.1 and earlier are at risk until they update to version 5.9.2 or later.
How can this vulnerability be detected on my network or system? Can you suggest some commands?
[{'type': 'paragraph', 'content': 'This vulnerability affects the Podlove Web Player Plugin versions up to and including 5.9.1. Detection involves identifying if this vulnerable plugin version is installed on your WordPress site.'}, {'type': 'paragraph', 'content': 'You can check the installed plugin version by accessing your WordPress admin dashboard or by running commands on your server to inspect the plugin files.'}, {'type': 'list_item', 'content': 'Use WP-CLI to check the plugin version: wp plugin list | grep podlove-web-player'}, {'type': 'list_item', 'content': "Manually check the plugin version in the plugin's main PHP file, usually located at wp-content/plugins/podlove-web-player/podlove-web-player.php, by looking for the Version header."}, {'type': 'paragraph', 'content': 'Additionally, monitoring logs or network traffic for suspicious activity related to PHP Object Injection attempts may help detect exploitation attempts, but no specific detection commands are provided.'}] [1]
What immediate steps should I take to mitigate this vulnerability?
The primary and most effective mitigation step is to update the Podlove Web Player Plugin to version 5.9.2 or later, where this vulnerability has been patched.
Until the update can be applied, you can use mitigation rules provided by Patchstack that block exploitation attempts.
Restrict user privileges to prevent untrusted users from having Contributor or Developer roles, as the vulnerability requires at least these privileges to be exploited.
Enable auto-update features for plugins if available to ensure timely patching of vulnerabilities.