Lucene search
+L

7 matches found

Nuclei
Nuclei
added yesterday31 views

GiveWP Donation Plugin <= 3.16.1 - Unauthenticated PHP Object Injection

The GiveWP – Donation Plugin and Fundraising Platform plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 3.16.1. This is due to insufficient input validation on user-supplied data. An unauthenticated attacker can inject a serialized PHP object, which...

10CVSS9.1AI score0.28931EPSS
Exploits3References4
NVD
NVD
added 2025/10/27 3:15 p.m.15 views

CVE-2025-34292

Rox, the software running BeWelcome, contains a PHP object injection vulnerability resulting from deserialization of untrusted data. User-controlled input is passed to PHP's unserialize: the POST parameter formkitmemoryrecovery in \RoxPostHandler::getCallbackAction and the 'memory cookie' read by...

9.4CVSS0.0053EPSS
Exploits0References4
CVE
CVE
added 2025/10/27 2:36 p.m.17 views

CVE-2025-34292

The CVE-2025-34292 issue affects Rox (BeWelcome) where unsafely deserializing untrusted data enables PHP object injection. User input flows into unserialize() via the POST parameter formkit_memory_recovery in RoxPostHandler::getCallbackAction and via the bwRemember memory cookie used by RoxModelB...

9.4CVSS8AI score0.0053EPSS
Exploits0References4
Cvelist
Cvelist
added 2025/10/27 2:36 p.m.17 views

CVE-2025-34292 BeWelcome/Rox PHP Object Injection RCE

Rox, the software running BeWelcome, contains a PHP object injection vulnerability resulting from deserialization of untrusted data. User-controlled input is passed to PHP's unserialize: the POST parameter formkitmemoryrecovery in \RoxPostHandler::getCallbackAction and the 'memory cookie' read by...

9.4CVSS0.0053EPSS
Exploits0References4
OSV
OSV
added 2021/12/15 7:15 p.m.5 views

CVE-2021-36888

Unauthenticated Arbitrary Options Update vulnerability leading to full website compromise discovered in Image Hover Effects Ultimate versions = 9.6.1 WordPress plugin...

9.8CVSS5.8AI score0.0674EPSS
Exploits1References2
WPVulnDB
WPVulnDB
added 2020/03/17 12:0 a.m.9 views

Custom Post Type UI < 1.7.4 - CSRF to Stored XSS

The Custom Post Type UI WordPress plugin was vulnerable to Cross-Site Request Forgery CSRF and Stored Cross-Site Scripting XSS within the "Import Post Types" functionality in the "Tools" tab. This functionality allows users to import "Post Types" from other websites, or from backup, as JSON. This...

1.7AI score
Exploits0References1Affected Software1
OSV
OSV
added 2018/03/28 6:14 p.m.7 views

DRUPAL-CORE-2018-002

A remote code execution vulnerability exists within multiple subsystems of Drupal 7.x and 8.x. This potentially allows attackers to exploit multiple attack vectors on a Drupal site, which could result in the site being completely compromised. The security team has written an FAQ about this issue...

9.8CVSS7.9AI score0.99993EPSS
Exploits46References1
Rows per page
Query Builder