CVE-2024-43242

Name of the Vulnerable Software and Affected Versions: Ultimate Membership Pro versions n/a through 12.6

Description: The issue is related to the deserialization of untrusted data, which allows object injection. This can potentially enable a remote attacker to execute arbitrary code. The vulnerability is associated with deficiencies in the deserialization mechanism.

Recommendations: For Ultimate Membership Pro versions n/a through 12.6, consider disabling the deserialization of untrusted data as a temporary workaround until a patch is available. Restrict access to sensitive areas of the system to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.