10 matches found
CVE-2024-7432
The Unseen Blog theme for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.0.0 via deserialization of untrusted input. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject a PHP Object. No known POP chain is...
CVE-2024-7432
The Unseen Blog theme for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.0.0 via deserialization of untrusted input. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject a PHP Object. No known POP chain is...
CVE-2024-7432
The Unseen Blog theme for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.0.0 via deserialization of untrusted input. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject a PHP Object. No known POP chain is...
CVE-2024-7432
CVE-2024-7432 — Unseen Blog Theme (WordPress) is affected up to version 1.0.0. The issue is a PHP Object Injection via deserialization of untrusted input. Authenticated attackers with Contributor-level access or higher can inject a PHP object. No POP chain is confirmed in the core vulnerable soft...
CVE-2024-7432 Unseen Blog <= 1.0.0 - Authenticated (Contributor+) PHP Object Injection
The Unseen Blog theme for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.0.0 via deserialization of untrusted input. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject a PHP Object. No known POP chain is...
CVE-2024-7432 Unseen Blog <= 1.0.0 - Authenticated (Contributor+) PHP Object Injection
The Unseen Blog theme for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.0.0 via deserialization of untrusted input. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject a PHP Object. No known POP chain is...
WordPress Unseen Blog theme <= 1.0.0 - Authenticated (Contributor+) PHP Object Injection vulnerability
Authenticated Contributor+ PHP Object Injection vulnerability discovered by Francesco Carlucci in WordPress Theme Unseen Blog versions = 1.0.0...
WordPress Unseen Blog Theme <= 1.0.0 is vulnerable to PHP Object Injection
Software Unseen Blog Type Theme Vulnerable versions = 1.0.0 Fixed in N/A OWASP Top 10 A1: Injection Classification PHP Object Injection CVE CVE-2024-7432 Patch priority Medium CVSS severity Medium 8.8 Developer Claim ownership PSID acc2ad92c272 Credits Francesco Carlucci Required privilege...
WordPress plugin Unseen Blog 代码问题漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A code issue vulnerability...
PT-2024-38343 · WordPress · Unseen Blog Theme
Name of the Vulnerable Software and Affected Versions: Unseen Blog theme for WordPress versions up to, and including, 1.0.0 Description: The Unseen Blog theme for WordPress is vulnerable to PHP Object Injection via deserialization of untrusted input. This makes it possible for authenticated...