CVE-2024-30223 affects the ARMember plugin for WordPress and carries a base score of 9.0, indicating critical severity. The issue arises from deserialization of untrusted data, which makes versions up to 4.0.26 susceptible to PHP Object Injection. Discovered by LVT-tholv2k, this vulnerability could enable malicious actors to carry out various attacks, including code injection, SQL injection, path traversal, and denial of service, provided a suitable POP (property-oriented programming) chain is present.
Patchstack, the entity that discovered and published this vulnerability, recommends updating the ARMember plugin to version 4.0.27 or higher immediately. The update addresses the vulnerability, and users are advised to prioritize it to keep their WordPress installations secure. Patchstack also emphasizes its commitment to user safety by providing alerts and protections up to 48 hours in advance, allowing users to stay ahead of emerging threats.
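As an added example (not code from Patchstack or the ARMember project), this Python log check flags query-string parameters that carry a serialized PHP object, the input form that PHP Object Injection depends on, whether sent directly or base64-wrapped. The log lines are constructed, the function names are this example's own, and because the page does not name the affected parameter or endpoint, the check looks at every query parameter.

```python
import base64
import binascii
import re
from urllib.parse import parse_qsl, urlsplit

# PHP serialize() writes objects as O:<len>:"<class>":<count>:{ and custom
# Serializable objects as C:<len>:"<class>":<len>:{ ; arrays and strings have neither.
SERIALIZED_OBJECT = re.compile(r'(?<![A-Za-z0-9])[OC]:\d+:"[A-Za-z_\\][A-Za-z0-9_\\]*":\d+:\{')
REQUEST = re.compile(r'"(?:GET|POST|PUT|DELETE|HEAD) (\S+) HTTP/[\d.]+"')

# Constructed access-log lines (not taken from the page); stdClass is a harmless stand-in.
SAMPLE_LOG = [
    '203.0.113.5 - - [01/Apr/2024:10:00:00 +0000] "GET /?page=2&sort=name HTTP/1.1" 200 512',
    '203.0.113.9 - - [01/Apr/2024:10:00:03 +0000] "GET /?opts=O%3A8%3A%22stdClass%22%3A0%3A%7B%7D HTTP/1.1" 200 512',
    '203.0.113.9 - - [01/Apr/2024:10:00:07 +0000] "GET /?opts=Tzo4OiJzdGRDbGFzcyI6MDp7fQ%3D%3D HTTP/1.1" 200 512',
    '198.51.100.2 - - [01/Apr/2024:10:00:09 +0000] "GET /?f=a%3A1%3A%7Bi%3A0%3Bs%3A3%3A%22abc%22%3B%7D HTTP/1.1" 200 512',
]


def decoded_forms(value):
    """Yield the URL-decoded value and, when it is valid base64, its decoded text."""
    yield value
    try:
        yield base64.b64decode(value, validate=True).decode("utf-8", errors="replace")
    except (binascii.Error, ValueError):
        pass  # not base64, nothing more to inspect


def suspicious_params(target):
    """Return names of query parameters that carry a serialized PHP object."""
    query = urlsplit(target).query
    return [name for name, value in parse_qsl(query, keep_blank_values=True)
            if any(SERIALIZED_OBJECT.search(form) for form in decoded_forms(value))]


def scan_log(lines):
    """Return (line number, parameter name) pairs worth investigating."""
    hits = []
    for number, line in enumerate(lines, start=1):
        match = REQUEST.search(line)
        if match:
            hits.extend((number, name) for name in suspicious_params(match.group(1)))
    return hits


if __name__ == "__main__":
    for number, name in scan_log(SAMPLE_LOG):
        print(f"line {number}: parameter '{name}' contains a serialized PHP object")
```

Access logs normally record only the request line, so data sent in POST bodies or cookies needs the same check applied at a WAF or in application logging. A hit is a lead for investigation on sites that ran version 4.0.26 or earlier, not a substitute for updating to 4.0.27.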