- Description: The Backup Migration plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.4.6 via deserialization of untrusted input in the 'recursive_unserialize_replace' function. This makes it possible for unauthenticated attackers to inject a PHP Object. The additional presence of a POP chain allows attackers to delete arbitrary files, retrieve sensitive data, or execute code. An administrator must create a staging site in order to trigger the exploit.
- Source: security@wordfence.com
- NVD status: Received
CVSS 3.1
- Type: Primary
- Base score: 8.8
- Impact score: 5.9
- Exploitability score: 2.8
- Vector string: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
- Severity: HIGH
- CWE-502 (source: security@wordfence.com)
- Hype score: Not currently trending
CVE-2024-10932 - WordPress Backup Migration PHP Object Injection Vulnerability https://t.co/oONjL6jhEs
@WhalersLtd
4 Jan 2025
CVE-2024-10932 PHP Object Injection in WordPress Backup Migration Plugin (Admin Triggered) The Backup Migration plugin for WordPress has a PHP Object Injection vulnerability in all versions up to 1.4.6. This happ... https://t.co/Col3TIcxF0
@VulmonFeeds
4 Jan 2025
CVE-2024-10932 The Backup Migration plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.4.6 via deserialization of untrusted input in … https://t.co/S7Lz70c1K9
@CVEnew
4 Jan 2025
[CVE-2024-10932: HIGH] Warning: WordPress Backup Migration plugin up to v1.4.6 vulnerable to PHP Object Injection! Attackers can inject PHP Objects with a POP chain to delete files or execute code. Admins need a ...#cybersecurity,#vulnerability https://t.co/sCDYx3dCP6 https://t.c
@CveFindCom
4 Jan 2025