CVE-2024-10957
CVSS 3.1 Score 8.8 of 10 (high)
Details
Summary
CVE-2024-10957 is a vulnerability in the UpdraftPlus: WP Backup & Migration Plugin for WordPress, affecting versions 1.23.8 to 1.24.11. It is a PHP Object Injection issue caused by deserialization of untrusted input in the 'recursive_unserialized_replace' function. Unauthenticated attackers can inject a PHP object, but the vulnerable software itself contains no POP chain, so exploitation is not possible unless an additional plugin or theme that contains a POP chain is installed. If one is present, the vulnerability could allow an attacker to delete files, retrieve sensitive data, or execute code. An administrator must perform a search and replace action to trigger the exploit.
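A hardened form of the search-and-replace-over-serialized-data pattern described above, as an added example: this is not UpdraftPlus code or its actual patch, and the function names `safe_serialized_replace` and `contains_object` are hypothetical. It assumes PHP 7.0 or later for the `allowed_classes` option of `unserialize()`.

```php
<?php
// Added illustration, not UpdraftPlus code. Function names are hypothetical.
// The risky pattern is unserialize($data) with no options on database content.

/** True if $value is, or contains, an object (including incomplete ones). */
function contains_object($value): bool
{
    if (is_array($value)) {
        foreach ($value as $item) {
            if (contains_object($item)) {
                return true;
            }
        }
        return false;
    }
    return is_object($value) || $value instanceof __PHP_Incomplete_Class;
}

/** Search and replace in data that may be PHP-serialized, never creating objects. */
function safe_serialized_replace(string $from, string $to, $data)
{
    if (is_array($data)) {
        foreach ($data as $key => $item) {
            $data[$key] = safe_serialized_replace($from, $to, $item);
        }
        return $data;
    }
    if (!is_string($data)) {
        return $data;
    }
    // allowed_classes => false maps every O:/C: token to __PHP_Incomplete_Class,
    // so no __wakeup() or __destruct() of an installed class can run.
    $value = @unserialize($data, ['allowed_classes' => false]);
    if ($value === false && $data !== 'b:0;') {
        return str_replace($from, $to, $data); // plain text, not serialized
    }
    if (contains_object($value)) {
        return $data; // leave rows that carry objects untouched
    }
    // Re-serializing recomputes the s:<len> prefixes after the replacement.
    return serialize(safe_serialized_replace($from, $to, $value));
}

// Constructed sample rows: a serialized option array and a serialized object.
$rows = [serialize(['siteurl' => 'http://old.example']), serialize(new stdClass())];
foreach ($rows as $row) {
    echo safe_serialized_replace('old.example', 'new.example', $row), PHP_EOL;
}
```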
Affected Products
- UpdraftPlus
Affected Vendors
- Updraftplus