CVE-2024-10957

CVSS 3.1 Score 8.8 of 10 (high)

Details

Published Jan 4, 2025
Updated: Jan 6, 2025
CWE ID 502

Summary

CVE-2024-10957 affects the UpdraftPlus: WP Backup & Migration Plugin for WordPress, versions 1.23.8 to 1.24.11. The issue is PHP Object Injection through deserialization of untrusted input in the 'recursive_unserialized_replace' function. Unauthenticated attackers can inject a PHP object, but the vulnerable software contains no POP chain, so no exploit is possible without an additional plugin or theme that contains one. If a POP chain is present, the vulnerability could enable the attacker to delete files, retrieve sensitive data, or execute code. An administrator must perform a search and replace action to trigger the exploit.
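
The class of bug described above (CWE-502 in a search-and-replace routine that unserializes stored values), shown from the mitigation side as an added example. This is not UpdraftPlus code or its patch; `safe_serialized_replace` and `contains_object` are hypothetical names, and the sample values are constructed.

```php
<?php
// Added illustration: hypothetical helpers, not UpdraftPlus code or its patch.

// True if a decoded value holds any object, including the
// __PHP_Incomplete_Class placeholders produced when classes are disallowed.
function contains_object($value): bool
{
    if (is_object($value) || $value instanceof __PHP_Incomplete_Class) {
        return true;
    }
    if (is_array($value)) {
        foreach ($value as $item) {
            if (contains_object($item)) {
                return true;
            }
        }
    }
    return false;
}

// Search/replace in a value that may be PHP-serialized, never instantiating
// a real class from stored data.
function safe_serialized_replace(string $from, string $to, $data)
{
    if (is_array($data)) {
        foreach ($data as $key => $value) {
            $data[$key] = safe_serialized_replace($from, $to, $value);
        }
        return $data;
    }
    if (!is_string($data)) {
        return $data;
    }
    // allowed_classes => false: no __wakeup()/__destruct() of a real class runs.
    $decoded = @unserialize($data, ['allowed_classes' => false]);
    if ($decoded === false && $data !== serialize(false)) {
        return str_replace($from, $to, $data); // plain, non-serialized string
    }
    if (contains_object($decoded)) {
        return $data; // object-bearing value: leave untouched for manual review
    }
    return serialize(safe_serialized_replace($from, $to, $decoded));
}

// Constructed sample values.
$plain  = serialize(['home' => 'http://old.example/', 'n' => 3]);
$object = 'O:8:"stdClass":1:{s:3:"url";s:19:"http://old.example/";}';
echo safe_serialized_replace('old.example', 'new.example', $plain), PHP_EOL;
echo safe_serialized_replace('old.example', 'new.example', $object), PHP_EOL;
```

The array value is rewritten and re-serialized, while the value carrying a serialized object is returned unchanged.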
