PT-2024-21587 · WordPress · Betheme

Name of the Vulnerable Software and Affected Versions: Betheme theme for WordPress versions up to, and including, 27.5.6 Description: The issue is related to PHP Object Injection via deserialization of untrusted input of the mfn-page-items post meta value. This allows authenticated attackers with...

CVE-2024-7561 The Next <= 1.1.0 - Authenticated (Contributor+) PHP Object Injection

The The Next theme for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.1.0 via deserialization of untrusted input from the wpedenpostmeta post meta value. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject...