CVE-2024-9511

CVSS 3.1 Score 9.8 of 10 (high)

Details

Published Nov 23, 2024
CWE ID 502

Summary

CVE-2024-9511 is a vulnerability affecting the FluentSMTP plugin for WordPress, specifically versions up to and including 2.2.82. This issue allows unauthenticated attackers to inject PHP Objects through deserialization of untrusted input in the 'formatResult' function. The impact of this vulnerability can be significant if a POP (Persistent Object Programming) chain exists, which could lead to file deletion, data theft, or code execution. However, no known POP chain currently exists in the vulnerable software, only a partial patch was applied in version 2.2.82.

Ligh bulbPrevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Share