CVE-2021-24217

Summary

The run_action function of the Facebook for WordPress plugin before 3.0.0 deserializes user supplied data making it possible for PHP objects to be supplied creating an Object Injection vulnerability. There was also a useable magic method in the plugin that could be used to achieve remote code execution.

Affected Software

VendorProductVersion RangeStatus
UnknownFacebook for WordPress3.0.0 < 3.0.0affected

Weaknesses

  • CWE-502: CWE-502 Deserialization of Untrusted Data

ADP Enrichment

CVE Program Container

Additional References

References