CVE-2024-0668

Summary

CVE-2024-0668 is a vulnerability affecting the Advanced Database Cleaner plugin for WordPress. This issue allows authenticated attackers with administrator access to inject PHP Objects into the plugin through deserialization of untrusted input in the 'process_bulk_action' function. No Pop chain is present in the vulnerable plugin, but if one exists via an additional plugin or theme, it could enable the attacker to delete files, retrieve sensitive data, or execute code. The Advanced Database Cleaner plugin, used in WordPress installations, has been identified as harboring a vulnerability, CVE-2024-0668. The flaw, which allows PHP Object Injection, arises due to deserialization of untrusted input in the 'process_bulk_action' function. Authenticated attackers holding administrator privileges can exploit this vulnerability and inject PHP Objects, potentially leading to data deletion, sensitive information exposure, and code execution. The presence of a Pop chain in other plugins or themes installed on the target system could exacerbate the risk.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.