CVE-2024-13899

CVSS 3.1 Score 7.2 of 10 (high)

Details

Published Feb 22, 2025

Updated: Mar 11, 2025

CWE ID 502

Summary

CVE-2024-13899 is a vulnerability affecting the Mambo Importer plugin for WordPress. This issue allows authenticated attackers with Administrator-level access and above to inject PHP Objects through deserialization of untrusted input in the $data parameter of the fImportMenu function. No POP chain is present in the vulnerable software, but if one exists in an additional plugin or theme, it could lead to file deletion, data retrieval, or code execution. All versions of Mambo Importer up to and including 1.0 are impacted.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Mambo Importer Plugin

Affected Vendors

WordPress

Advisories, Assessments, and Mitigations

https://app.recordedfuture.com/live/sc/entity/3kLbHs
https://www.cve.org/CVERecord?id=CVE-2024-13899
https://nvd.nist.gov/vuln/detail/CVE-2024-13899

Back to Vulnerability Database