- Description: The FluentSMTP – WP SMTP Plugin with Amazon SES, SendGrid, MailGun, Postmark, Google and Any SMTP Provider plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 2.2.82 via deserialization of untrusted input in the 'formatResult' function. This makes it possible for unauthenticated attackers to inject a PHP Object. No known POP chain is present in the vulnerable software. If a POP chain is present via an additional plugin or theme installed on the target system, it could allow the attacker to delete arbitrary files, retrieve sensitive data, or execute code. The vulnerability was partially patched in version 2.2.82.
- Source: security@wordfence.com
- NVD status: Received
CVSS 3.1
- Type: Primary
- Base score: 9.8
- Impact score: 5.9
- Exploitability score: 3.9
- Vector string: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
- Severity: CRITICAL
- security@wordfence.com: CWE-502
- Hype score: Not currently trending
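[Link roundup: security news and articles for November 22–25] <Vulnerabilities> ・CVE-2024-9511 (CVSS 9.8): Critical flaw in the FluentSMTP plugin puts over 300,000 WordPress sites at risk of takeover https://t.co/YcHjmSp1X8 ・CVE-2024-11477: 7-Zip vulnerability allows remote code execution… https://t.co/TmuGmvuZCB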
@MachinaRecord
25 Nov 2024
169 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CVE-2024-9511 (CVSS 9.8): Critical Flaw in FluentSMTP Plugin Exposes Over 300,000 WordPress Sites to Potential Takeover - https://t.co/SvaTpeiDmr
@moton
25 Nov 2024
74 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
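Arbitrary code execution vulnerability in the FluentSMTP plugin for WordPress. The plugin is used by more than 300,000 sites. CVE-2024-9511 has a CVSS score of 9.8 and is a PHP object injection via deserialization of untrusted data. Risk of site takeover without authentication. https://t.co/FuLrQR3gDH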
@__kokumoto
24 Nov 2024
4643 Impressions
25 Retweets
43 Likes
10 Bookmarks
0 Replies
1 Quote
CVE-2024-9511 (CVSS 9.8): Critical Flaw in FluentSMTP Plugin Exposes Over 300,000 WordPress Sites to Potential Takeover https://t.co/pmA81zmyML
@VulnVanguard
24 Nov 2024
26 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨 CVE-2024-9511: Critical FluentSMTP Plugin Vulnerability: - Severe flaw (CVSS 9.8) in FluentSMTP affects 300,000+ WordPress sites. - Exploitable by attackers to achieve full site takeover. Source: https://t.co/2ST3VcTysM #Cybersecurity #CVE #WordPress #Vulnerability #SMTP
@Areenzor
24 Nov 2024
53 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CVE-2024-9511 (CVSS 9.8): Critical Flaw in FluentSMTP Plugin Exposes Over 300,000 WordPress Sites to Potential Takeover https://t.co/qGX9iaxTWp
@ohhara_shiojiri
24 Nov 2024
43 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
CVE-2024-9511 (CVSS 9.8): Critical Flaw in FluentSMTP Plugin Exposes Over 300,000 WordPress Sites to Potential Takeover https://t.co/6foJu7WVHr
@Dinosn
24 Nov 2024
2053 Impressions
4 Retweets
19 Likes
3 Bookmarks
0 Replies
0 Quotes
🗣 CVE-2024-9511 (CVSS 9.8): Critical Flaw in FluentSMTP Plugin Exposes Over 300,000 WordPress Sites to Potential Takeover https://t.co/9ehgCE9YbV
@fridaysecurity
24 Nov 2024
43 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CVE-2024-9511 (CVSS 9.8): Critical Flaw in FluentSMTP Plugin Exposes Over 300,000 WordPress Sites to Potential Takeover https://t.co/wbP0hBgQGA
@the_yellow_fall
24 Nov 2024
178 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
🚨 CVE-2024-9511: Critical vuln in techjewel FluentSMTP Plugin <= 2.2.82 on WordPress. Unauth RCE via deserialization. Upgrade ASAP to patch. #CyberSecurity #WordPress
@oktsec
23 Nov 2024
15 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes