Multiple critical cybersecurity vulnerabilities have been identified, posing significant risks to various platforms and applications. A severe flaw in Apache Struts, designated CVE-2024-53677 with a CVSS score of 9.5, allows for remote code execution, raising alarms among security professionals. Additionally, the Hunk Companion WordPress plugin has been found to have a critical vulnerability (CVE-2024-11972) with a CVSS score of 9.8, which exposes over 10,000 WordPress sites to potential remote code execution, SQL injection, and backdoor threats. This vulnerability is currently under active exploitation. Furthermore, a separate zero-day vulnerability in the Cleo software (CVE-2024-50623) has also been reported. The cybersecurity community is urged to take immediate action to secure their systems against these threats, as the implications for data security and integrity are profound.
Cleo MFT Zero-Day Exploits Are About to Escalate, Analysts Warn: https://t.co/zI9ELxh14K by darkreading #infosec #cybersecurity #technology #news
390,000+ WordPress Credentials Stolen via Malicious GitHub Repository Hosting PoC Exploits: https://t.co/x6eZh2qcYE by The Hacker News #infosec #cybersecurity #technology #news
Alert! WordPress affected by malware with a severity of 9.8 out of 10: how to tell if you are a victim 👇 https://t.co/qTGXbSxROm