CVE-2017-18604

The sitebuilder-dynamic-components plugin through 1.0 for WordPress has PHP object injection via an AJAX request...

EUVD-2024-43488

Malicious code in bioql PyPI...

CVE-2024-49625

Deserialization of Untrusted Data vulnerability in sphoid SiteBuilder Dynamic Components sitebuilder-dynamic-components allows Object Injection.This issue affects SiteBuilder Dynamic Components: from n/a through = 1.0...

CVE-2024-49625

Deserialization of Untrusted Data vulnerability in sphoid SiteBuilder Dynamic Components sitebuilder-dynamic-components allows Object Injection.This issue affects SiteBuilder Dynamic Components: from n/a through = 1.0...

WordPress plugin SiteBuilder Dynamic Components 代码问题漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed in the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A code issue vulnerability exists in WordPres...

PT-2024-33580 · Brandon Clark · Brandon Clark Sitebuilder Dynamic Components

Name of the Vulnerable Software and Affected Versions: Brandon Clark SiteBuilder Dynamic Components versions n/a through 1.0 Description: The issue is related to Deserialization of Untrusted Data, which allows Object Injection in Brandon Clark SiteBuilder Dynamic Components. Recommendations: For...

WordPress SiteBuilder Dynamic Components Plugin <= 1.0 is vulnerable to PHP Object Injection

Software SiteBuilder Dynamic Components Type Plugin Vulnerable versions = 1.0 Fixed in N/A OWASP Top 10 A3: Injection Classification PHP Object Injection CVE CVE-2024-49625 Patch priority High CVSS severity High 9.8 Developer Claim ownership PSID 7e4e11ce38e6 Credits Mika Required privilege...

WordPress sitebuilder-dynamic-components plugin injection vulnerability

WordPress is a blogging platform developed by the WordPress Foundation using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. sitebuilder-dynamic-components is a plugin for inserting dynamic content into static pages. An injection vulnerability exists in the...

CVE-2017-18604

The sitebuilder-dynamic-components plugin through 1.0 for WordPress has PHP object injection via an AJAX request...

CVE-2017-18604

The sitebuilder-dynamic-components plugin through 1.0 for WordPress has PHP object injection via an AJAX request...

CVE-2017-18604

The CVE-2017-18604 entry concerns the WordPress plugin sitebuilder-dynamic-components (up to version 1.0). Multiple sources confirm a PHP object injection vulnerability reachable via AJAX requests, enabling an unauthenticated/vector-based impact with HIGH integrity risk (CVSS v3.1: 7.5). Affected...

SiteBuilder Dynamic Components <= 1.0 - Unauthenticated PHP Object Injection

The plugin sitebuilder-dynamic-components insecurely trusts serialized data submitted over AJAX requests. This opens up the site to a PHP object injection vulnerability potential exploit vector. PoC Attack is exploitable over AJAX calls sites with the sitebuilder-dynamic-components Plugin...