CVE-2023-6528

The Slider Revolution WordPress plugin before 6.6.19 does not prevent users with at least the Author role from unserializing arbitrary content when importing sliders, potentially leading to Remote Code Execution...

PT-2024-14995 · WordPress · Slider Revolution

Name of the Vulnerable Software and Affected Versions: Slider Revolution WordPress plugin versions prior to 6.6.19 Description: The issue allows users with at least the Author role to unserialize arbitrary content when importing sliders, potentially leading to Remote Code Execution...

CVE-2022-3374

The Ocean Extra WordPress plugin before 2.0.5 unserialises the content of an imported file, which could lead to PHP object injections issues when a high privilege user import intentionally or not a malicious Customizer Styling file and a suitable gadget chain is present on the blog...

CVE-2022-3335

The Kadence WooCommerce Email Designer WordPress plugin before 1.5.7 unserialises the content of an imported file, which could lead to PHP object injections issues when an admin import intentionally or not a malicious file and a suitable gadget chain is present on the blog...