2 matches found
CVE-2024-13789
The ravpage plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 2.31 via deserialization of untrusted input from the 'paramsv2' parameter. This makes it possible for unauthenticated attackers to inject a PHP Object. No known POP chain is present in the...
PT-2025-7389 · WordPress · Ravpage
Name of the Vulnerable Software and Affected Versions: Ravpage plugin for WordPress versions up to, and including, 2.31 Description: The issue concerns a PHP Object Injection vulnerability via deserialization of untrusted input from the paramsv2 parameter. This allows unauthenticated attackers to...