Summary: A critical security vulnerability (CVE-2024-12562) has been identified in the s2Member Pro plugin for WordPress. It could affect millions of websites because it allows unauthenticated attackers to inject malicious PHP objects. The vulnerability has a CVSS score of 9.8, arises from insufficient sanitization of user input, and could lead to severe security issues if exploited alongside other vulnerabilities. Website owners are urged to update to the latest version to protect against potential attacks.
Affected: s2Member Pro plugin for WordPress
Keypoints:
- Security vulnerability tracked as CVE-2024-12562 with a CVSS score of 9.8.
- Allows unauthenticated attackers to exploit PHP Object Injection through the s2member_pro_remote_op parameter.
- Patch available in version 250214; users are strongly advised to update immediately.
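
For sites that cannot update immediately, a request filter can flag object tokens in the affected parameter. The following is an added example, not code from the plugin or its vendor: it assumes the s2member_pro_remote_op value is PHP serialize() data in a form-encoded body (the page does not state the encoding), and the function names and sample bodies are constructed for illustration.

```python
import re
from urllib.parse import parse_qs, quote

PARAM = "s2member_pro_remote_op"       # parameter named in the advisory
HEAD = re.compile(rb':\+?(\d+):"')     # ':<byte length>:"' after s, O or C; sign tolerated
END = re.compile(rb"[;{]")             # every token head ends in ';' or '{'

def classes_in_serialized(data: bytes) -> list:
    """Walk PHP serialize() output without instantiating anything and
    return the class names of O:/C: tokens. Raises ValueError if malformed."""
    found, pos = [], 0
    while pos < len(data):
        t = data[pos:pos + 1]
        if t == b"}":
            pos += 1
            continue
        if t in (b"s", b"O", b"C"):
            m = HEAD.match(data, pos + 1)
            if not m:
                raise ValueError(f"bad length header at byte {pos}")
            end = m.end() + int(m.group(1))
            if data[end:end + 1] != b'"':
                raise ValueError(f"length mismatch at byte {pos}")
            if t != b"s":              # string bodies are skipped by length
                found.append(data[m.end():end].decode("latin-1"))
            pos = end + 1
        elif t not in (b"a", b"b", b"i", b"d", b"N"):
            raise ValueError(f"unexpected token {t!r} at byte {pos}")
        m = END.search(data, pos)
        if not m:
            raise ValueError("unterminated token")
        pos = m.end()
    return found

def inspect_body(body: str):
    """Classify one form-encoded body: absent / ok / object / malformed."""
    values = parse_qs(body, keep_blank_values=True, encoding="latin-1").get(PARAM, [])
    if not values:
        return "absent", []
    classes = []
    try:
        for v in values:
            classes += classes_in_serialized(v.encode("latin-1"))
    except ValueError:
        return "malformed", classes    # fail closed: treat as suspicious
    return ("object" if classes else "ok"), classes

# Constructed sample bodies (not captured traffic).
BENIGN = PARAM + "=" + quote('a:1:{s:1:"k";s:18:"x;O:8:"stdClass":0";}')
OBJECT = PARAM + "=" + quote('a:1:{i:0;O:8:"stdClass":0:{}}')
```

Because string bodies are skipped by their declared byte length, text that merely looks like an object token inside a string value is not flagged, while a real object token nested in an array is.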