AI Sec Watch: A Security Intelligence Platform for AI Systems

Luu, T.J.

CVE-2024-52445: Deserialization of Untrusted Data vulnerability in Modeltheme QRMenu Restaurant QR Menu Lite allows Object Injection.Thi

highvulnerability

security

Source: NVD/CVE DatabaseNovember 20, 2024CVE-2024-52445

Summary

CVE-2024-52445 is a deserialization of untrusted data vulnerability (a flaw where a program processes data from an untrusted source without checking it, potentially allowing an attacker to manipulate the program) in the Modeltheme QRMenu Restaurant QR Menu Lite plugin that affects versions up to 1.0.3. This vulnerability allows object injection (an attack where malicious data tricks the program into creating unintended objects).

Vulnerability Details

CVSS Score

8.8(high)

EPSS (30-day exploit probability)

EPSS: 0.5%

Classification

Attack SophisticationModerate

Taxonomy References

CWE (Weakness Type)

CWE-502

CAPEC (Attack Pattern)

CAPEC-586

Original source: https://nvd.nist.gov/vuln/detail/CVE-2024-52445

First tracked: February 15, 2026 at 08:53 PM

Classified by LLM (prompt v3) · confidence: 95%