CVE-2024-32431

CVSS 3.1 Score 4.4 of 10 (medium)

Details

Published Apr 15, 2024

CWE ID 502

Summary

CVE-2024-32431 is a deserialization vulnerability affecting the WP All Import plugin's Import Users from CSV feature, version n/a through 1.2. An attacker can exploit this issue by providing untrusted data during the deserialization process, potentially leading to code execution or memory corruption. Successful exploitation could result in unauthorized access to sensitive data or system takeover. Users are advised to update to the latest plugin version as soon as possible to mitigate this risk.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

https://app.recordedfuture.com/live/sc/entity/vWhmK2
https://www.cve.org/CVERecord?id=CVE-2024-32431
https://nvd.nist.gov/vuln/detail/CVE-2024-32431

Back to Vulnerability Database

CVE-2024-32431

CVSS 3.1 Score 4.4 of 10 (medium)

Details

Summary

Advisories, Assessments, and Mitigations