This vulnerability (CVE-2024-23512) is classified as CWE-502, deserialization of untrusted data, in the ProductX – WooCommerce Builder & Gutenberg WooCommerce Blocks plugin. It affects all versions up to 3.1.4. The CVSS 3.1 vector indicates network attack vector, high attack complexity, no privileges required, no user interaction, and a scope change with high impact on confidentiality and integrity but no impact on availability. The vulnerability allows an attacker to send crafted serialized data that the plugin improperly deserializes, potentially leading to remote code execution or data compromise. No patch or vendor advisory is currently available, and the plugin is not a cloud service, so remediation depends on vendor updates.

Successful exploitation can lead to a complete loss of confidentiality and integrity of the affected system, potentially allowing remote attackers to execute arbitrary code or manipulate data. Availability is not impacted according to the CVSS vector. The vulnerability is exploitable remotely without authentication or user interaction, but requires high attack complexity.

Patch status is not yet confirmed — check the vendor advisory for current remediation guidance. Since no patch or official fix is currently available, users should monitor for updates from wpxpo and consider disabling or restricting access to the affected plugin until a fix is released. Avoid processing untrusted serialized data if possible.