Code Execution Vulnerability in WordPress Affecting WP_HTML_Token Class

CVE-2024-31211

What is CVE-2024-31211?

A significant vulnerability in WordPress has been identified related to the unsafe unserialization of instances of the WP_HTML_Token class. This flaw potentially allows an attacker to execute arbitrary code by exploiting the magic __destruct() method when instances of this class are unserialized. The issue was effectively addressed in version 6.4.2 released on December 6, 2023. Users of WordPress are strongly encouraged to upgrade to this version or later to ensure their installations are secure. It is vital to maintain updated versions to protect against such vulnerabilities.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch →

References