May 24, 2024
Severity
High
Analysis Summary
CVE-2024-3070 CVSS:10
Last Viewed Posts by WPBeginner plugin for WordPress could allow a remote attacker to execute arbitrary code on the system, caused by a code injection vulnerability. By sending a specially crafted request, an attacker could exploit this vulnerability to execute arbitrary code on the system.
CVE-2023-41243 CVSS:8.8
WPvivid Backup plugin for WordPress could allow a remote authenticated attacker to gain elevated privileges on the system, caused by an improper privilege management vulnerability. By sending a specially crafted request, an attacker could exploit this vulnerability to escalate privileges.
CVE-2024-4838 CVSS:7.5
ConvertPlus plugin for WordPress could allow a remote authenticated attacker to execute arbitrary code on the system, caused by a PHP object injection flaw. By sending a specially crafted request, an attacker could exploit this vulnerability to execute arbitrary code on the system.
Impact
- Gain Access
- Privilege Escalation
Indicators of Compromise
CVE
- CVE-2024-3070
- CVE-2023-41243
- CVE-2024-4838
Affected Vendors
Affected Products
- Last Viewed Posts by WPBeginner Plugin for WordPress 1.0.0
- WPvivid Backup and Migration plugin for WordPress 0.9.90
- ConvertPlus plugin for WordPress 3.5
Remediation
Upgrade each affected plugin to its latest version, available from the WordPress Plugin Directory.