Your Name (OneArch)

1 exploit Active since Apr 2024
CVE-2024-31211 NOMISEC MEDIUM WORKING POC
WordPress 6.4.0-6.4.1 - Remote Code Execution via WP_HTML_Token Unserialization
WordPress is an open publishing platform for the Web. Unserialization of instances of the `WP_HTML_Token` class allows for code execution via its `__destruct()` magic method. This issue was fixed in WordPress 6.4.2 on December 6th, 2023. Versions prior to 6.4.0 are not affected.
CVSS 5.5