3 matches found
CVE-2024-10932
creationtimestamp| type| source ---|---|--- 2025-01-04 07:26:19+00:00| seen| https://infosec.exchange/users/cve/statuses/113768895220327215 2025-01-04 09:44:29+00:00| seen| https://t.me/cvedetector/14268...
CVE-2024-10932 Backup Migration <= 1.4.6 - Unauthenticated PHP Object Injection via 'recursive_unserialize_replace'
The Backup Migration plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.4.6 via deserialization of untrusted input in the 'recursiveunserializereplace' function. This makes it possible for unauthenticated attackers to inject a PHP Object. The...
CVE-2024-10932
CVE-2024-10932 (Backup Migration, WordPress) Vulnerability: unauthenticated PHP Object Injection via deserialization in recursive_unserialize_replace, affecting all versions up to 1.4.6. Exploit can inject a PHP object; when a POP chain is present, an attacker can delete arbitrary files, retrieve...