Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in
🔥 Daily Hot!
💪🏽 CPE Enhanced Advisories
🕶 Shadow Exploits
🕵🏼 Vulners CPE
🔐 Security news
💻 Exploit updates
📑 Blogs review
🐧 Linux vulnerabilities
🐞 Bugbounty
🤖 AI High Score
📰 CVE Feed
show all

7 matches found

CVE
CVEadded 2024/12/11 10:57 a.m.48 views

CVE-2024-12294

CVE-2024-12294 — The Last Viewed Posts by WPBeginner plugin for WordPress is vulnerable to Sensitive Information Exposure via get_legacy_cookies, affecting all versions up to 1.0.1. Unauthenticated attackers can obtain titles and permalinks of private, password-protected, pending, and draft posts...

5.3CVSS6.8AI score0.00728EPSS
Exploits0References3
NVD
NVDadded 2024/05/14 3:39 p.m.9 views

CVE-2024-3070

The Last Viewed Posts by WPBeginner plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.0.0 via deserialization of untrusted input from the LastViewedPosts Cookie. This makes it possible for unauthenticated attackers to inject a PHP Object. No known...

9.8CVSS9.7AI score0.02638EPSS
Exploits0References2
Cvelist
Cvelistadded 2024/05/09 8:3 p.m.13 views

CVE-2024-3070 Last Viewed Posts by WPBeginner <= 1.0.0 - Unauthenticated PHP Object Injection

The Last Viewed Posts by WPBeginner plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.0.0 via deserialization of untrusted input from the LastViewedPosts Cookie. This makes it possible for unauthenticated attackers to inject a PHP Object. No known...

9.8CVSS9.9AI score0.02638EPSS
Exploits0References2
Vulnrichment
Vulnrichmentadded 2024/05/09 8:3 p.m.24 views

CVE-2024-3070 Last Viewed Posts by WPBeginner <= 1.0.0 - Unauthenticated PHP Object Injection

The Last Viewed Posts by WPBeginner plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.0.0 via deserialization of untrusted input from the LastViewedPosts Cookie. This makes it possible for unauthenticated attackers to inject a PHP Object. No known...

9.8CVSS7.4AI score0.02638EPSS
Exploits0References2
Patchstack
Patchstackadded 2024/05/03 8:39 a.m.2 views

WordPress Last Viewed Posts by WPBeginner plugin <= 1.0.0 - Unauthenticated PHP Object Injection vulnerability

Unauthenticated PHP Object Injection vulnerability discovered by Francesco Carlucci in WordPress Plugin Last Viewed Posts by WPBeginner versions = 1.0.0...

9.8CVSS7.3AI score0.02638EPSS
Exploits0References1Affected Software1
Patchstack
Patchstackadded 2024/05/03 12:0 a.m.7 views

WordPress Last Viewed Posts by WPBeginner Plugin <= 1.0.0 is vulnerable to PHP Object Injection

Software Last Viewed Posts by WPBeginner Type Plugin Vulnerable versions = 1.0.0 Fixed in 1.0.1 OWASP Top 10 A1: Injection Classification PHP Object Injection CVE CVE-2024-3070 Patch priority High CVSS severity High 9.8 Developer Claim ownership PSID 1e1e21bf8373 Credits Francesco Carlucci Requir...

9.8CVSS6.8AI score0.02638EPSS
Exploits0References3Affected Software1
WPVulnDB
WPVulnDBadded 2024/05/02 12:0 a.m.18 views

Last Viewed Posts by WPBeginner < 1.0.1 - Unauthenticated PHP Object Injection

Description The Last Viewed Posts by WPBeginner plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.0.0 via deserialization of untrusted input from the LastViewedPosts Cookie. This makes it possible for unauthenticated attackers to inject a PHP Objec...

9.8CVSS7.7AI score0.02638EPSS
Exploits0References1Affected Software1
Rows per page
Query Builder