What the vulnerability does
01Description
Deserialization of Untrusted Data vulnerability in Ultimate Member ForumWP forumwp allows Object Injection.This issue affects ForumWP: from n/a through <= 2.1.0.
CVE-2024-54367
CRITICAL
CVE-2024-54367: WordPress ForumWP plugin <= 2.1.0 - PHP Object Injection vulnerability
CVSS base score
9.8/10
CVSS vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Key dates
02Disclosure timeline
December 16, 2024
CVE published
April 28, 2026
Record updated
External resources
03References
Related vulnerabilities
04Related CVE
CVE-2025-48200
CVE-2024-47561 Apache Avro Java SDK: Arbitrary Code Execution when reading Avro schema (Java SDK)
CVE-2025-67535 WordPress WP Maps plugin <= 4.8.6 - PHP Object Injection vulnerability
CVE-2023-40595 Remote Code Execution via Serialized Session Payload
CVE-2025-32928 WordPress Altair theme <= 5.2.2 - PHP Object Injection vulnerability
