CVE-2024-10913

CVSS 3.1 Score 8.8 of 10 (high)

Details

Published Nov 20, 2024
Updated: Nov 21, 2024
CWE ID 502

Summary

CVE-2024-10913: The Clone plugin for WordPress, affecting versions up to 2.4.6, is vulnerable to PHP Object Injection. This is due to deserialization of untrusted input in the 'recursive_unserialized_replace' function, leading to the injection of a PHP Object. No Pop chain has been identified in the vulnerable software. However, if a Pop chain exists via an additional plugin or theme on the target system, the attacker could potentially delete arbitrary files, retrieve sensitive data, or execute code.

Ligh bulbPrevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Share