CVE-2021-24217

Name of the Vulnerable Software and Affected Versions: Facebook for WordPress plugin versions prior to 3.0.0

Description: The issue concerns the run action function, which deserializes user-supplied data, allowing for PHP objects to be supplied and creating an object injection vulnerability. Additionally, a usable magic method in the plugin could be exploited to achieve remote code execution.

Recommendations: For versions prior to 3.0.0, update to version 3.0.0 or later to resolve the issue. As a temporary workaround, consider disabling the run action function until a patch is available. Restrict access to the plugin's magic methods to minimize the risk of exploitation.