The document provides details about a vulnerability (CVE-2024-26778) affecting the 'patch-on-demand' feature in multiple WordPress plugins, which allows an unauthenticated remote attacker to execute arbitrary code. The vulnerability stems from improper input validation in the plugin, leading to potential code execution through specific HTTP requests. Attackers can exploit this flaw to compromise affected websites and carry out malicious activities.

Document presenting information about a remote code execution vulnerability in WordPress plugins

The CERT-FR team recommends updating the affected plugins to their latest versions and following security best practices to prevent potential exploitation of this vulnerability.
https://www.cert.ssi.gouv.fr/pdf/CERTFR-2024-AVI-0422.pdf