CVE-2024-43242NVD

Vulnerability Summary

Deserialization of Untrusted Data vulnerability in azzaroco Ultimate Membership Pro indeed-membership-pro.This issue affects Ultimate Membership Pro: from n/a through <= 12.7.

Severity Level

CRITICAL(9.0)

Published Date

Aug 19, 2024

Last Modified

Apr 29, 2026

Exploitation Status

????

EPSS Score (30-Day)

0.56%Probability

Root Weakness (CWE)

CWE-502: Unknown/Unlisted Weakness ↗

Refer to the official MITRE database for detailed architectural specifications regarding this weakness.

CVSS v3.1 Base Metrics

Attack VectorNetwork

Attack ComplexityHigh

Privileges RequiredNone

User InteractionNone

ScopeChanged

ConfidentialityHigh

IntegrityHigh

AvailabilityHigh

External References

https://patchstack.com/database/Wordpress/Plugin/indeed-membership-pro/vulnerability/wordpress-indeed-ultimate-membership-pro-plugin-12-6-unauthenticated-php-object-injection-vulnerability?_s_id=cve