WordPress Attire theme <= 2.0.6 - Authenticated (Contributor+) PHP Object Injection vulnerability

Authenticated Contributor+ PHP Object Injection vulnerability discovered by Francesco Carlucci in WordPress Theme Attire versions = 2.0.6...

WordPress Attire Theme <= 2.0.6 is vulnerable to PHP Object Injection

Software Attire Type Theme Vulnerable versions = 2.0.6 Fixed in 2.0.7 OWASP Top 10 A1: Injection Classification PHP Object Injection CVE CVE-2024-7435 Patch priority Medium CVSS severity Medium 8.5 Developer Claim ownership PSID 834924dbc4f2 Credits Francesco Carlucci Required privilege Contribut...

CVE-2024-7435

The Attire theme for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 2.0.6 via deserialization of untrusted input. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject a PHP Object. No known POP chain is prese...

CVE-2024-7435

The Attire theme for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 2.0.6 via deserialization of untrusted input. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject a PHP Object. No known POP chain is prese...

CVE-2024-7435

CVE-2024-7435 affects the Attire WordPress theme (all versions up to 2.0.6). The issue is PHP Object Injection via deserialization of untrusted input, exploitable by authenticated attackers with Contributor-level access and above to inject a PHP object. The description notes the presence of a POP...

CVE-2024-7435 Attire <= 2.0.6 - Authenticated (Contributor+) PHP Object Injection

The Attire theme for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 2.0.6 via deserialization of untrusted input. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject a PHP Object. No known POP chain is prese...

CVE-2024-7435 Attire <= 2.0.6 - Authenticated (Contributor+) PHP Object Injection

The Attire theme for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 2.0.6 via deserialization of untrusted input. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject a PHP Object. No known POP chain is prese...

PT-2024-38346 · WordPress · Attire

Name of the Vulnerable Software and Affected Versions: The Attire theme for WordPress versions up to, and including, 2.0.6 Description: The Attire theme for WordPress is vulnerable to PHP Object Injection via deserialization of untrusted input. This makes it possible for authenticated attackers,...