8068 matches found
CVE-2018-20984
The patreon-connect plugin before 1.2.2 for WordPress has Object Injection...
CVE-2017-18583
The post-pay-counter plugin before 2.731 for WordPress has PHP Object Injection...
Design/Logic Flaw
The option-tree plugin before 2.7.3 for WordPress has Object Injection because the + character is mishandled...
Design/Logic Flaw
The post-pay-counter plugin before 2.731 for WordPress has PHP Object Injection...
Design/Logic Flaw
The patreon-connect plugin before 1.2.2 for WordPress has Object Injection...
Code injection
The option-tree plugin before 2.7.3 for WordPress has Object Injection because serialized classes are mishandled...
Code injection
The option-tree plugin before 2.7.0 for WordPress has Object Injection by leveraging a valid nonce...
CVE-2017-18583
The post-pay-counter plugin before 2.731 for WordPress has PHP Object Injection...
CVE-2017-18583
CVE-2017-18583 affects the WordPress plugin post-pay-counter (before 2.731) with a PHP Object Injection flaw. The advisory sources identify this as a high/critical issue: CVSS v2 base score 7.5 (HIGH) and CVSS v3.0 base score 9.8 (CRITICAL) with network attack vector, no user interaction, and imp...
CVE-2018-20984
The patreon-connect plugin before 1.2.2 for WordPress has Object Injection...
CVE-2018-20984
The vulnerability CVE-2018-20984 affects the Patreon Connect WordPress plugin prior to version 1.2.2, where a PHP Object Injection weakness has been reported. Multiple sources (NVD entry and Red Hat CVE page) corroborate the issue as an object-injection flaw in the Patreon Connect plugin for Word...
CVE-2019-15321
The option-tree plugin before 2.7.3 for WordPress has Object Injection because serialized classes are mishandled...
CVE-2019-15321
CVE-2019-15321 applies to the WordPress plugin “Option Tree” prior to version 2.7.3, where an Object Injection vulnerability arises from mishandled serialized classes. The entry is documented across multiple sources (NVD description: “option-tree plugin before 2.7.3 for WordPress has Object Injec...
CVE-2019-15320
The option-tree plugin before 2.7.3 for WordPress has Object Injection because the + character is mishandled...
CVE-2019-15320
CVE-2019-15320 concerns the WordPress plugin OptionTree prior to version 2.7.3. The vulnerability is an Object Injection flaw caused by mishandling the + character, as documented by multiple sources (NVD, Red Hat, WPVulndb, etc.). Impact is described as affecting confidentiality, integrity, and a...
CVE-2019-15319
The option-tree plugin before 2.7.0 for WordPress has Object Injection by leveraging a valid nonce...
CVE-2019-15319
CVE-2019-15319 concerns the WordPress plugin OptionTree, vulnerable before version 2.7.0. The issue is PHP Object Injection enabled by leveraging a valid nonce, as described in multiple sources (NVD entry and vendor/WP listings). Impact details in the NVD metrics show high/critical severity (CVSS...
Breaking Into Your Company's Internal Network - SuiteCRM 7.11.4
As part of our efforts to make the open source web application space more secure, we scanned SuiteCRM 7.11.4 with our static code analysis tool RIPS and we detected multiple critical vulnerabilities. Among them is a SQL Injection that can be exploited as a normal user (CVE-2019-12598), which can be...
Critical Flaws Found in Widely Used IPTV Software for Online Streaming Services
Security researchers have discovered multiple critical vulnerabilities in a popular IPTV middleware platform that is currently being used by more than a thousand regional and international online media streaming services to manage their millions of subscribers. Discovered by security researchers ...
e107 < 2.1.3 SQL Injection Vulnerability
e107 is prone to an SQL injection vulnerability through object injection. Copyright (C) 2019 Greenbone Networks GmbH, https://www.greenbone.net SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public...