CVE-2024-7561

CVSS 3.1 Score 8.8 of 10 (high)

Details

Published Aug 8, 2024

CWE ID 502

Summary

CVE-2024-7561 is a vulnerability affecting the The Next theme for WordPress. This issue allows authenticated attackers with Contributor-level access or higher to inject PHP Objects via deserialization of untrusted data in the wpeden_post_meta post meta value. No Pop chain has been identified within the vulnerable software, but one could potentially be present via an additional plugin or theme, escalating the attacker's capabilities to delete arbitrary files, retrieve sensitive data, or run code on the target system.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

https://app.recordedfuture.com/live/sc/entity/xi6UnZ
https://www.cve.org/CVERecord?id=CVE-2024-7561
https://nvd.nist.gov/vuln/detail/CVE-2024-7561

Back to Vulnerability Database

CVE-2024-7561

CVSS 3.1 Score 8.8 of 10 (high)

Details

Summary

Advisories, Assessments, and Mitigations