CVE-2024-31211 Information

Description

WordPress is an open publishing platform for the Web. Unserialization of instances of the WP_HTML_Token class allows for code execution via its __destruct() magic method. This issue was fixed in WordPress 6.4.2 on December 6th 2023. Versions prior to 6.4.0 are not affected.

Reference

https://github.com/WordPress/wordpress-develop/security/advisories/GHSA-m257-q4m5-j653