CVE-2024-56281
CVSS 3.1 Score 7.5 of 10 (high)
Details
Summary
CVE-2024-56281 is a newly disclosed vulnerability that impacts the CodeMShop WordPress plugin for payment processing. This issue permits PHP Local File Inclusion due to an improper control of filenames used in include/require statements. Hackers can exploit this vulnerability to gain unauthorized access to the system and potentially execute arbitrary code. The flaw affects all versions of WordPress Payment Simple Plugin from the unknown version up to 5.2.0. System administrators are strongly advised to update their plugins to the latest version to mitigate this risk.
Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.