The flaw in the GiveWP plugin, tracked as CVE-2024-5932, exposes over 100,000 websites to remote code execution attacks, highlighting the urgent need for software updates.
This vulnerability allows unauthenticated attackers to execute PHP Object Injection through deserialization of untrusted input, enabling the potential for remote code execution and file deletion.
The critical security flaw underscores the importance of timely updates, especially as over 100,000 sites remain vulnerable until they upgrade to version 3.14.2.
Alongside this, another major vulnerability affecting the InPost plugins was disclosed, emphasizing broader security challenges within the WordPress ecosystem.
Collection
[
|
...
]