CVE-2024-9511
CVSS 3.1 Score 9.8 of 10 (high)
Details
Summary
CVE-2024-9511 is a vulnerability affecting the FluentSMTP plugin for WordPress, specifically versions up to and including 2.2.82. This issue allows unauthenticated attackers to inject PHP Objects through deserialization of untrusted input in the 'formatResult' function. The impact of this vulnerability can be significant if a POP (Persistent Object Programming) chain exists, which could lead to file deletion, data theft, or code execution. However, no known POP chain currently exists in the vulnerable software, only a partial patch was applied in version 2.2.82.
Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.