- Description
- The s2Member Pro plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 241216 via deserialization of untrusted input from the 's2member_pro_remote_op' parameter. This makes it possible for unauthenticated attackers to inject a PHP object. No known POP chain is present in the vulnerable software. If a POP chain is present via an additional plugin or theme installed on the target system, it could allow the attacker to delete arbitrary files, retrieve sensitive data, or execute code.
- Source
- security@wordfence.com
- NVD status
- Analyzed
CVSS 3.1
- Type
- Primary
- Base score
- 9.8
- Impact score
- 5.9
- Exploitability score
- 3.9
- Vector string
- CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
- Severity
- CRITICAL
- security@wordfence.com
- CWE-502
Critical vulnerability CVE-2024-12562 in s2Member Pro for WordPress exposes millions of sites to attack. With a CVSS score of 9.8, swift updates are essential to secure against threats. 🚨 #WordPress #s2Member #USA link: https://t.co/d513J5PJ2q https://t.co/rd6cfVmCTn
@TweetThreatNews
18 Feb 2025
🚨🚨CVE-2024-12562 (CVSS: 9.8) : WordPress Plugin s2Member Pro - Unauthenticated PHP Object Injection ⚠️The vulnerability stems from the plugin’s failure to properly sanitize user input, which allows attackers to exploit the PHP Object Injection vulnerability and potentially gain
@zoomeye_team
18 Feb 2025
CVE-2024-12562 The s2Member Pro plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 241216 via deserialization of untrusted input from t… https://t.co/9g2FEIC7Fz
@CVEnew
15 Feb 2025
[CVE-2024-12562: CRITICAL] WordPress s2Member Pro plugin up to v241216 is susceptible to PHP Object Injection via 's2member_pro_remote_op' parameter, posing risk of unauthorized access to execute malicious code o...#cybersecurity,#vulnerability https://t.co/aM7bq4em82 https://t.c
@CveFindCom
15 Feb 2025
[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:s2member:s2member:*:*:*:*:pro:wordpress:*:*",
            "vulnerable": true,
            "matchCriteriaId": "21D77C8D-2BFC-42CE-8E58-A4B87767CFFB",
            "versionEndExcluding": "250214"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]