
CVE-2024-6152: CWE-502 Deserialization of Untrusted Data in wptexture Flipbox Builder

Severity: High
Tags: Vulnerability, CVE-2024-6152, CWE-502
Published: Sat Jul 27 2024 (07/27/2024, 01:51:02 UTC)
Source: CVE Database V5
Vendor/Project: wptexture
Product: Flipbox Builder

Description

CVE-2024-6152 is a high-severity vulnerability in the Flipbox Builder WordPress plugin that allows authenticated users with Contributor-level access or higher to perform PHP Object Injection via unsafe deserialization in the flipbox_builder_Flipbox_ShortCode function. Exploitation requires no user interaction but does require authenticated access. While no gadget (POP) chain is included in the plugin itself, the presence of additional plugins or themes could enable attackers to achieve arbitrary file deletion, data disclosure, or remote code execution. The vulnerability affects all versions up to and including 1.5. No known exploits are currently in the wild, but the high CVSS score of 8.8 reflects the potential impact on confidentiality, integrity, and availability. Organizations using Flipbox Builder should prioritize patching or mitigating this flaw to prevent privilege escalation and system compromise.

AI-Powered Analysis

Last updated: 02/26/2026, 03:02:25 UTC

Technical Analysis

CVE-2024-6152 is a deserialization vulnerability classified under CWE-502 affecting the Flipbox Builder plugin for WordPress. The flaw arises from unsafe deserialization of untrusted input within the flipbox_builder_Flipbox_ShortCode function, enabling PHP Object Injection attacks. Authenticated attackers with Contributor-level privileges or higher can exploit this vulnerability by injecting crafted serialized PHP objects. Although the plugin itself does not contain a gadget chain (POP chain) to directly achieve code execution or other malicious effects, the presence of other plugins or themes on the WordPress installation may provide such chains. If a suitable POP chain exists, attackers could leverage this to delete arbitrary files, extract sensitive information, or execute arbitrary code remotely. The vulnerability affects all versions up to 1.5 inclusive. The CVSS v3.1 base score is 8.8, reflecting network attack vector, low attack complexity, required privileges at the contributor level, no user interaction, and high impact on confidentiality, integrity, and availability. No public exploits have been reported yet. The vulnerability was reserved in June 2024 and published in July 2024. The lack of a patch link suggests that a fix may not yet be available or publicly released, increasing the urgency for mitigation.

Potential Impact

This vulnerability poses a significant risk to WordPress sites using the Flipbox Builder plugin, especially those with multiple contributors or editors. Successful exploitation can lead to severe consequences including unauthorized disclosure of sensitive data, deletion of critical files, and potentially full remote code execution if a suitable POP chain is present via other installed plugins or themes. This can result in website defacement, data breaches, service disruption, and complete site takeover. Given WordPress's widespread use globally, the impact can extend to many organizations, particularly those relying on Flipbox Builder for content presentation. The requirement for authenticated access limits exploitation to users with some level of site privileges, but Contributor-level access is common in collaborative environments, increasing the attack surface. The vulnerability undermines the integrity and availability of affected websites and can facilitate lateral movement within compromised environments.

Mitigation Recommendations

Organizations should immediately audit their WordPress installations for the presence of the Flipbox Builder plugin and restrict Contributor-level access to trusted users only. Until an official patch is released, consider disabling or removing the plugin to eliminate the attack vector. Employ web application firewalls (WAFs) with rules targeting PHP object injection patterns and monitor logs for suspicious serialized payloads. Review and minimize the number of installed plugins and themes to reduce the likelihood of a POP chain existing. Implement strict input validation and sanitization where possible. Regularly back up website data and files to enable recovery in case of compromise. Monitor security advisories from the plugin vendor and WordPress security communities for updates or patches. If feasible, conduct penetration testing focused on deserialization vulnerabilities to identify potential exploitation paths.
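As an added illustration of the log-monitoring recommendation above (this is example code, not code from the page, the plugin, or Wordfence), the following Python scans constructed request-log lines for the marker PHP's serialization format puts in front of every object, `O:<length>:"<ClassName>":`, after URL-decoding them. The log format, the user names, and the shortcode attribute carrying the blob are assumptions; the page does not name the parameter that reaches unserialize().

```python
import re
from urllib.parse import unquote_plus

# PHP serializes an object as O:<name length>:"<ClassName>":<property count>:{...}.
# Arrays (a:), strings (s:) and scalars are not what a POP chain needs, so only
# the object marker is matched.
PHP_OBJECT_RE = re.compile(r'O:(\d+):"([A-Za-z_\\][A-Za-z0-9_\\]*)":(\d+):\{')

# Constructed request-log lines in an assumed format. The "settings" attribute is
# hypothetical. Line 2 carries a URL-encoded object; line 3 has a length prefix
# that does not match its class name; line 4 is a harmless serialized array.
SAMPLE_LOG = [
    '203.0.113.5 editor1 POST /wp-admin/post.php body=post_content%3D%5Bflipbox_builder+id%3D12%5D',
    '203.0.113.7 contrib2 POST /wp-admin/post.php body=post_content%3D%5Bflipbox_builder+settings%3D'
    'O%3A12%3A%22ExampleClass%22%3A1%3A%7Bs%3A4%3A%22name%22%3Bs%3A3%3A%22abc%22%3B%7D%5D',
    '203.0.113.9 contrib2 GET /?s=O:999:"bogus":0:{}',
    '203.0.113.9 contrib2 GET /?s=a:1:{i:0;s:2:"ok";}',
]


def find_php_objects(text: str) -> list[str]:
    """Return the class names of PHP serialized objects embedded in text.

    Form submissions arrive URL-encoded, so the text is decoded first. A hit only
    counts when the declared length equals the class-name length, which is what
    PHP's unserialize() itself requires; a mismatch is noise or a broken payload.
    """
    decoded = unquote_plus(text)
    return [name for length, name, _ in PHP_OBJECT_RE.findall(decoded)
            if int(length) == len(name)]


def flag_suspicious_requests(log_lines: list[str]) -> list[tuple[int, list[str]]]:
    """Return (1-based line number, class names) for each line carrying a serialized object."""
    flagged = []
    for lineno, line in enumerate(log_lines, start=1):
        names = find_php_objects(line)
        if names:
            flagged.append((lineno, names))
    return flagged


if __name__ == "__main__":
    for lineno, names in flag_suspicious_requests(SAMPLE_LOG):
        print(f"line {lineno}: serialized PHP object(s) {names} -> review this request")
```

Any hit from a Contributor-level account on a post-save request is worth a look regardless of the class name, since the plugin itself contains no gadget chain and the danger lies in whatever other classes the site has loaded.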


Technical Details

Data Version: 5.1
Assigner Short Name: Wordfence
Date Reserved: 2024-06-18T21:29:45.136Z
CVSS Version: 3.1
State: PUBLISHED

Threat ID: 699f6bfcb7ef31ef0b55d53f

Added to database: 2/25/2026, 9:39:08 PM

Last enriched: 2/26/2026, 3:02:25 AM

Last updated: 2/26/2026, 8:07:24 AM

