CVE-2021-24217
First published: Mon Apr 12 2021(Updated: )
The run_action function of the Facebook for WordPress plugin before 3.0.0 deserializes user supplied data making it possible for PHP objects to be supplied creating an Object Injection vulnerability. There was also a useable magic method in the plugin that could be used to achieve remote code execution.
Credit: contact@wpscan.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| <3.0.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the vulnerability ID?
The vulnerability ID is CVE-2021-24217.
What is the severity of CVE-2021-24217?
The severity of CVE-2021-24217 is high with a severity value of 8.1.
What is the affected software of CVE-2021-24217?
The affected software of CVE-2021-24217 is the Facebook for WordPress plugin before version 3.0.0.
What is the risk of CVE-2021-24217?
CVE-2021-24217 poses a risk of Object Injection vulnerability and potential remote code execution.
How can I fix CVE-2021-24217?
To fix CVE-2021-24217, update the Facebook for WordPress plugin to version 3.0.0 or later.
- agent/references
- agent/last-modified-date
- agent/type
- collector/nvd-index
- agent/software-canonical-lookup-request
- agent/description
- agent/first-publish-date
- agent/severity
- agent/weakness
- agent/author
- agent/tags
- agent/softwarecombine
- agent/event
- vendor/facebook
- canonical/facebook