CVE-2024-7560

CVSS 3.1 Score 7.2 of 10 (high)

Details

Published Aug 8, 2024
CWE ID 502

Summary

CVE-2024-7560 is a vulnerability affecting the News Flash theme for WordPress. This issue allows authenticated attackers with Editor-level access or higher to inject PHP Objects via deserialization of untrusted inputs from the newsflash_post_meta meta value. The vulnerability does not involve a known Pop chain, but if one exists through an additional plugin or theme, it could potentially lead to file deletion, data theft, or code execution. The News Flash theme versions up to and including 1.1.0 are impacted.

Ligh bulbPrevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Share