CVE-2024-10913
CVSS 3.1 Score 8.8 of 10 (high)
Details
Published Nov 20, 2024
Updated: Nov 21, 2024
CWE ID 502
Summary
CVE-2024-10913: The Clone plugin for WordPress, affecting versions up to 2.4.6, is vulnerable to PHP Object Injection. This is due to deserialization of untrusted input in the 'recursive_unserialized_replace' function, leading to the injection of a PHP Object. No Pop chain has been identified in the vulnerable software. However, if a Pop chain exists via an additional plugin or theme on the target system, the attacker could potentially delete arbitrary files, retrieve sensitive data, or execute code.
Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.
Share