We demand the safe return of all citizens who have been taken hostage by the terrorist group Hamas. We will not rest until every hostage is released and returns home safely. You can help bring them back home. https://stories.bringthemhomenow.net/

🔐 CVE ID: CVE-2024-4439

📝 Description: A significant security vulnerability has been identified in WordPress Core versions up to 6.5.1, tracked as CVE-2024-4439. This vulnerability is a stored Cross-Site Scripting (XSS) flaw, allowing attackers to inject harmful web scripts through the Avatar block. The flaw arises due to insufficient output escaping of user display names, enabling both authenticated and unauthenticated attackers to execute arbitrary PHP commands.

🛠️ Exploit Code: The provided exploit code demonstrates the exploitation of CVE-2024-4439. By injecting a crafted payload into the Avatar block, the attacker can execute arbitrary PHP commands on the target server. This particular exploit showcases the injection of a reverse shell payload, facilitating unauthorized access to the server.

🔍 Credits: This information was sourced from SecurityOnline.info by Do Son.