CVE-2024-10936

The String locator plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 2.6.6 via deserialization of untrusted input in the 'recursiveunserializereplace' function. This makes it possible for unauthenticated attackers to inject a PHP Object. No known POP...

WordPress Backup Migration plugin <= 1.4.6 - Unauthenticated PHP Object Injection via 'recursive_unserialize_replace' vulnerability

Unauthenticated PHP Object Injection via 'recursiveunserializereplace' vulnerability discovered by Webbernaut in WordPress Plugin Backup Migration versions = 1.4.6...