CVE-2024-49318: 
WordPress vulnerability analysis and mitigation

A Deserialization of Untrusted Data vulnerability (CWE-502) was discovered in Scott Olson's My Reading Library WordPress plugin through version 1.0. The vulnerability was disclosed on October 15, 2024, and received a critical CVSS v3.1 base score of 9.8 (Patchstack, NVD).

The vulnerability is classified as a PHP Object Injection flaw that allows for deserialization of untrusted data. It affects My Reading Library plugin versions up to and including 1.0. The vulnerability received a CVSS v3.1 score of 9.8 (CRITICAL) with the vector string CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H, indicating network accessibility, low attack complexity, and no required privileges or user interaction (Patchstack).

If successfully exploited, this vulnerability could allow an attacker to execute code injection, SQL injection, path traversal, or denial of service attacks if a proper POP chain is present. The high CVSS score indicates that the vulnerability could lead to a complete compromise of the affected system's confidentiality, integrity, and availability (Patchstack).

At the time of disclosure, no official fix was available for this vulnerability. Users are advised to mitigate or resolve the vulnerability immediately (Patchstack).