Vulnerability Details CVE-2024-31211
WordPress is an open publishing platform for the Web. Unserialization of instances of the `WP_HTML_Token` class allows for code execution via its `__destruct()` magic method. This issue was fixed in WordPress 6.4.2 on December 6th, 2023. Versions prior to 6.4.0 are not affected.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.449
EPSS Ranking 97.5%
CVSS Severity
CVSS v3 Score 5.5
References