CVE-2024-1731
CVSS 3.1 Score 8.8 of 10 (high)
Details
Published Mar 5, 2024
Updated: Jan 8, 2025
CWE ID 502
Summary
CVE-2024-1731 is a vulnerability affecting the Auto Refresh Single Page plugin for WordPress. The issue lies in the plugin's deserialization of untrusted input from the arsp_options post meta option. This allows authenticated attackers with contributor-level access or higher to inject a PHP object. Although no POP chain has been identified in the vulnerable plugin, if one exists via an additional plugin or theme on the target system, the attacker could delete arbitrary files, retrieve sensitive data, or execute code.
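For auditing a site that ran the affected plugin, the Python sketch below walks PHP's serialization format and lists the class names that unserialize() would instantiate from stored arsp_options values, skipping string contents so that text which merely looks like an object token is not flagged. It is an added example, not code from the plugin or from this advisory; the (post_id, meta_key, meta_value) row layout, the function names and the sample values are assumptions constructed for illustration.

```python
def _need(buf, pos, lit):  # require literal `lit` at pos; return offset just past it
    if buf[pos:pos + len(lit)] != lit:
        raise ValueError(f"expected {lit!r} at offset {pos}")
    return pos + len(lit)

def _num(buf, pos):  # read "<digits>:" at pos; return (value, offset of the colon)
    colon = buf.index(b":", pos)
    if not buf[pos:colon].isdigit():
        raise ValueError(f"bad length at offset {pos}")
    return int(buf[pos:colon]), colon

def _body(buf, pos, pairs, found):  # parse "{k v ...}" holding `pairs` entries
    pos = _need(buf, pos, b"{")
    for _ in range(2 * pairs):
        pos = _walk(buf, pos, found)
    return _need(buf, pos, b"}")

def _walk(buf, pos, found):  # parse one serialized value; record object class names
    tag = buf[pos:pos + 1]
    if tag in (b"N", b"b", b"i", b"d"):
        return buf.index(b";", pos) + 1
    if tag not in (b"s", b"a", b"O", b"C"):
        raise ValueError(f"unexpected tag at offset {pos}")
    n, colon = _num(buf, pos + 2)        # byte length or element count
    if tag == b"s":                      # string bytes are skipped, never scanned
        return _need(buf, _need(buf, colon + 1, b'"') + n, b'";')
    if tag == b"a":
        return _body(buf, colon + 1, n, found)
    start = _need(buf, colon + 1, b'"')  # O:/C: means a class would be instantiated
    found.append(buf[start:start + n].decode("utf-8", "replace"))
    n, colon = _num(buf, _need(buf, start + n, b'":'))
    if tag == b"C":                      # custom payload: skip n opaque bytes
        return _need(buf, _need(buf, colon + 1, b"{") + n, b"}")
    return _body(buf, colon + 1, n, found)

def object_classes(meta_value):
    found = []
    try:
        _walk(meta_value.encode("utf-8"), 0, found)
    except (ValueError, RecursionError):
        pass  # not serialized or malformed; keep classes seen before the error
    return found

def flag_rows(rows):  # rows: (post_id, meta_key, meta_value) from wp_postmeta
    return [(p, c) for p, k, v in rows if k == "arsp_options" and (c := object_classes(v))]

SAMPLE_ROWS = [  # constructed sample data, not taken from a real site
    (102, "arsp_options", 'a:1:{s:4:"note";s:19:"O:8:"stdClass":0:{}";}'),
    (103, "arsp_options", 'a:1:{s:4:"opts";O:8:"stdClass":0:{}}'),
]
```

Any row this reports holds an embedded object and deserves review, since a plain settings array has no reason to carry one.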