CVE-2024-5724 Photo Video Gallery Master <= 1.5.3 - Authenticated (Contributor+) PHP Object Injection
The Photo Video Gallery Master plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.5.3 via deserialization of untrusted input 'PVGMallphotosdetails' parameter. This makes it possible for authenticated attackers, with Contributor-level access and abov...