Overview
- Description: The Migration, Backup, Staging – WPvivid plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 0.9.107 via deserialization of untrusted input in the 'replace_row_data' and 'replace_serialize_data' functions. This makes it possible for unauthenticated attackers to inject a PHP Object. No known POP chain is present in the vulnerable software. If a POP chain is present via an additional plugin or theme installed on the target system, it could allow the attacker to delete arbitrary files, retrieve sensitive data, or execute code. An administrator must create a staging site to trigger the exploit.
- Source: security@wordfence.com
- NVD status: Awaiting Analysis
Risk scores
CVSS 3.1
- Type: Primary
- Base score: 8.8
- Impact score: 5.9
- Exploitability score: 2.8
- Vector string: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
- Severity: HIGH
Weaknesses
- security@wordfence.com
- CWE-502
Social media
- Hype score: Not currently trending
CVE-2024-10962 PHP Object Injection Vulnerability in WPvivid Plugin for WordPress The Migration, Backup, Staging – WPvivid plugin for WordPress, up to version 0.9.107, has a vulnerability involving PHP Object Inj... https://t.co/sC7R2jGJs1
@VulmonFeeds
14 Nov 2024
CVE-2024-10962 The Migration, Backup, Staging – WPvivid plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 0.9.107 via deserialization … https://t.co/rvU8qKnhcF
@CVEnew
14 Nov 2024
[CVE-2024-10962: HIGH] WordPress plugin WPvivid is susceptible to PHP Object Injection in versions up to 0.9.107, enabling attackers to inject PHP Objects. Use caution and update to prevent potential cyber securi...#cybersecurity,#vulnerability https://t.co/3vK85NCblY https://t.c
@CveFindCom
14 Nov 2024