Decrypt LOL

CVE-2024-10957 Vulnerability Affects Over 3 Million WordPress Sites

🔍 A critical vulnerability discovered in the UpdraftPlus plugin threatens over 3 million WordPress sites. The newly identified flaw, CVE-2024-10957, has a CVSS score of 8.8 and could allow unauthenticated attackers to perform PHP Object Injection, particularly through the `recursive_unserialized_replace` function. While the plugin itself lacks a known exploit chain, the presence of other vulnerable plugins or themes could enable severe attacks, including file deletion, data theft, and arbitrary code execution. The vulnerability affects all versions of UpdraftPlus up to 1.24.11, prompting security researcher Webbernaut to urge users to update to version 1.24.12 immediately to mitigate the risk. Failure to act could lead to significant security breaches across numerous WordPress installations.
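The sketch below is an added illustration of this class of bug, not UpdraftPlus's code: it shows why unserializing untrusted input inside a recursive search/replace only becomes dangerous when some other loaded class has a side-effecting magic method, and how `allowed_classes => false` neutralises it. The class `HypotheticalTempFile`, the function `demo_recursive_replace` and the sample input are all constructed for the example.

```php
<?php
// Constructed stand-in for a class shipped by some other plugin or theme.
// A destructor with a side effect is what makes a class usable as a gadget.
class HypotheticalTempFile {
    public $path = '';
    public static $calls = [];
    public function __destruct() {
        self::$calls[] = $this->path; // a real gadget might delete this path
    }
}

// Hypothetical search/replace over data that may itself be serialized.
// $allowed goes straight to unserialize(): true revives any loaded class
// (the unsafe pattern), false yields inert __PHP_Incomplete_Class objects.
function demo_recursive_replace(string $from, string $to, $data, $allowed) {
    if (is_string($data)) {
        $inner = @unserialize($data, ['allowed_classes' => $allowed]);
        if ($inner !== false || $data === 'b:0;') {
            return serialize(demo_recursive_replace($from, $to, $inner, $allowed));
        }
        return str_replace($from, $to, $data);
    }
    if (is_array($data)) {
        foreach ($data as $key => $value) {
            $data[$key] = demo_recursive_replace($from, $to, $value, $allowed);
        }
    }
    return $data; // objects and other scalars pass through unchanged
}

// Constructed input: a serialized object where a plain string was expected.
$class = 'HypotheticalTempFile';
$path = '/var/www/old-site/cache.tmp';
$input = sprintf('O:%d:"%s":1:{s:4:"path";s:%d:"%s";}',
    strlen($class), $class, strlen($path), $path);

foreach ([true, false] as $allowed) {
    HypotheticalTempFile::$calls = [];
    demo_recursive_replace('old-site', 'new-site', $input, $allowed);
    printf("allowed_classes=%s: destructor ran %d time(s)\n",
        var_export($allowed, true), count(HypotheticalTempFile::$calls));
}
```

With `allowed_classes` set to `false`, the object is never instantiated, so the destructor cannot fire regardless of which other plugins or themes are installed.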
