CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

2 matches found

Patchstack•added 2025/12/16 5:33 p.m.•4 views

WordPress Doubly plugin <= 1.0.46 - Authenticated (Subscriber+) PHP Object Injection via ZIP File Import vulnerability

Authenticated Subscriber+ PHP Object Injection via ZIP File Import vulnerability discovered by Bartłomiej Bergier bergee in WordPress Plugin Doubly - Cross Domain Copy Paste for WordPress versions = 1.0.46...

8.8CVSS7.1AI score0.00197EPSS

Exploits0References1Affected Software1

CVE•added 2025/12/13 4:31 a.m.•8 views

CVE-2025-14476

CVE-2025-14476 concerns the WordPress plugin “Doubly – Cross Domain Copy Paste.” According to Wordfence, versions up to and including 1.0.46 are vulnerable to PHP Object Injection via deserialization of untrusted input from content.txt inside uploaded ZIP archives. The issue is exploitable by aut...

8.8CVSS6.3AI score0.00197EPSS

Exploits0References6

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by