CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2024-52415 – WordPress SK WP Settings Backup plugin <= 1.0 - CSRF to PHP Object Injection vulnerability
https://notcve.org/view.php?id=CVE-2024-52415
13 Nov 2024 — Cross-Site Request Forgery (CSRF) vulnerability in Skpstorm SK WP Settings Backup allows Object Injection.This issue affects SK WP Settings Backup: from n/a through 1.0. The SK WP Settings Backup plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.0. This is due to missing or incorrect nonce validation on a function. This makes it possible for unauthenticated attackers to perform PHP Object Injection via a forged request granted they can trick a site administ... • https://patchstack.com/database/vulnerability/sk-wp-settings-backup/wordpress-sk-wp-settings-backup-plugin-1-0-csrf-to-php-object-injection-vulnerability?_s_id=cve • CWE-352: Cross-Site Request Forgery (CSRF) •