CVE-2024-33641 MEDIUM

CVE-2024-33641: WordPress Custom field finder plugin <= 0.3 - PHP Object Injection vulnerability

Vendor Team Yoast
Product Custom field finder
Weakness CWE-502 · Unsafe deserialization
Published April 29, 2024
Last update April 28, 2026
View on NVD All CVEs

CVSS base score

5.4/10
Attack vector Network
Attack complexity High
Privileges required None
User interaction None
Confidentiality Low
Integrity Low

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:N

What the vulnerability does

01Description

Deserialization of Untrusted Data vulnerability in Team Yoast Custom field finder.This issue affects Custom field finder: from n/a through 0.3.

Key dates

02Disclosure timeline

April 29, 2024 CVE published
April 28, 2026 Record updated

Related vulnerabilities

04Related CVE

CVE-2023-51641 Allegra renderFieldMatch Deserialization of Unstrusted Data Remote Code Execution Vulnerability CVE-2025-49507 WordPress CozyStay theme < 1.7.1 - PHP Object Injection vulnerability CVE-2024-3020 Carousel, Slider, Gallery by WP Carousel – Image Carousel & Photo Gallery, Post Carousel & Post Grid, Product Carousel & Product Grid for WooCommerce <= 2.6.3 - Authenticated (Admin+) PHP Object Injection CVE-2024-13789 Ravpage <= 2.31 - PHP Object Injection CVE-2026-32509 WordPress Gracey theme < 1.4 - Arbitrary Object Instantiation vulnerability