A critical vulnerability, CVE-2024-10957, has been discovered in the UpdraftPlus plugin for WordPress. It could allow an unauthorized attacker to carry out a PHP object injection attack, execute arbitrary commands, corrupt files, or steal data.

Key details

Discovered by security researcher Webbernaut, the vulnerability is published as CVE-2024-10957 with a CVSS score of 8.8. The problem lies in the incorrect handling of deserialization of untrusted data in the recursive_unserialised_replace function.
An attacker can carry out the attack if an administrator performs a search and replace operation. Because the UpdraftPlus plugin is so widely used, users were advised to update it immediately to version 1.24.12, which fixes this issue. The UpdraftPlus Backup & Migration plugin is one of the most popular tools for backing up and migrating WordPress sites. Its widespread use makes it an attractive target for attackers, and a successful attack can have serious consequences.
Exploitation of CVE-2024-10957 could have serious consequences if an attacker gains access to sensitive data or destroys critical site files. The UpdraftPlus plugin should be updated to version 1.24.12 immediately.
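
To illustrate the class of bug described above (unserializing untrusted data during a search and replace), the following is an added example, not UpdraftPlus code and not part of the original article: a replace routine that decodes serialized values with object instantiation disabled and skips any row that carries an object. The function names and sample rows are hypothetical.

```php
<?php
// Added example, not UpdraftPlus code; function names are hypothetical. PHP 7.0+.
// True if a decoded value holds an object anywhere in its structure.
function contains_object($value): bool {
    if (is_object($value) || $value instanceof __PHP_Incomplete_Class) {
        return true;
    }
    foreach (is_array($value) ? $value : [] as $item) {
        if (contains_object($item)) {
            return true;
        }
    }
    return false;
}
// Replace $from with $to in every string inside scalars and nested arrays.
function replace_in_value($value, string $from, string $to) {
    if (is_string($value)) {
        return str_replace($from, $to, $value);
    }
    if (is_array($value)) {
        foreach ($value as $key => $item) {
            $value[$key] = replace_in_value($item, $from, $to);
        }
    }
    return $value;
}

function safe_serialized_replace(string $raw, string $from, string $to): string {
    // allowed_classes => false: objects decode to __PHP_Incomplete_Class,
    // so no class from the data is instantiated and no magic method runs.
    $decoded = @unserialize($raw, ['allowed_classes' => false]);
    if ($decoded === false && $raw !== serialize(false)) {
        return str_replace($from, $to, $raw); // not serialized: plain replace
    }
    if (contains_object($decoded)) {
        return $raw; // leave object-bearing rows untouched for manual review
    }
    return serialize(replace_in_value($decoded, $from, $to));
}

// Constructed sample rows: serialized array, serialized object, plain text.
$rows = [
    serialize(['home' => 'http://old.example/blog', 'n' => 3]),
    'O:8:"stdClass":1:{s:3:"url";s:18:"http://old.example";}',
    'plain http://old.example text',
];
foreach ($rows as $row) {
    echo safe_serialized_replace($row, 'old.example', 'new.example'), PHP_EOL;
}
```

Re-serializing the array row recomputes the string length prefixes, which is why migration tools decode serialized values instead of editing them as text.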