8 matches found
CVE-2024-1792
The CMB2 plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 2.10.1 via deserialization of untrusted input from the textdatetimetimestamptimezone field. This makes it possible for authenticated attackers, with contributor access or higher, to inject a...
CVE-2024-1792
The CMB2 plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 2.10.1 via deserialization of untrusted input from the textdatetimetimestamptimezone field. This makes it possible for authenticated attackers, with contributor access or higher, to inject a...
CVE-2024-1792
The CVE-2024-1792 entry concerns the CMB2 WordPress plugin, affected in all versions up to and including 2.10.1. The flaw is a PHP Object Injection via deserialization of untrusted input in the text_datetime_timestamp_timezone field, which authenticated attackers with contributor access or higher...
CVE-2024-1792 CMB2 <= 2.10.1 - Authenticated (Contributor+) PHP Object Injection
The CMB2 plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 2.10.1 via deserialization of untrusted input from the textdatetimetimestamptimezone field. This makes it possible for authenticated attackers, with contributor access or higher, to inject a...
CVE-2024-1792 CMB2 <= 2.10.1 - Authenticated (Contributor+) PHP Object Injection
The CMB2 plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 2.10.1 via deserialization of untrusted input from the textdatetimetimestamptimezone field. This makes it possible for authenticated attackers, with contributor access or higher, to inject a...
PT-2024-18310 · WordPress · Cmb2
Name of the Vulnerable Software and Affected Versions: CMB2 plugin for WordPress versions up to, and including, 2.10.1 Description: The CMB2 plugin for WordPress is vulnerable to PHP Object Injection via deserialization of untrusted input from the text datetime timestamp timezone field. This allo...
WordPress CMB2 plugin <= 2.10.1 - Authenticated (Contributor+) PHP Object Injection vulnerability
Authenticated Contributor+ PHP Object Injection vulnerability discovered by Francesco Carlucci in WordPress Plugin CMB2 versions = 2.10.1...
WordPress CMB2 Plugin <= 2.10.1 is vulnerable to PHP Object Injection
Software CMB2 Type Plugin Vulnerable versions = 2.10.1 Fixed in 2.11.0 OWASP Top 10 A1: Injection Classification PHP Object Injection CVE CVE-2024-1792 Patch priority Low CVSS severity Low 8.5 Developer Claim ownership PSID dc0ad3e4851e Credits Francesco Carlucci Required privilege Contributor...