EUVD-2023-59179

Malicious code in bioql PyPI...

CVE-2024-10936

CVE-2024-10936 relates to the WordPress String Locator plugin (versions up to 2.6.6). The vulnerability enables unauthenticated PHP Object Injection via deserialization in the recursive_unserialize_replace function. If a POP chain exists through another plugin/theme, an attacker could delete arbi...

WordPress plugin String locator 代码问题漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A code issue vulnerability...

PT-2024-15161 · WordPress · String Locator Plugin

Name of the Vulnerable Software and Affected Versions: String locator plugin for WordPress versions up to, and including, 2.6.5 Description: The issue is related to Reflected Cross-Site Scripting via the sql-column parameter due to insufficient input sanitization and output escaping. This allows...

CVE-2022-2434

The CVE-2022-2434 entry affects the WordPress String Locator plugin (versions up to and including 2.5.0). The underlying issue is deserialization of untrusted input via the string-locator-path parameter, which can allow a PHAR-based call to arbitrary PHP objects when an action is triggered (e.g.,...

WordPress String locator plugin路径遍历漏洞

WordPress is the Wordpress Foundation's set of blogging platform developed using the PHP language. WordPress plugin is a WordPress open source application plugin. WordPress String locator plugin version 2.5.0 before the path traversal vulnerability, the vulnerability is derived from String locato...