4 matches found
WordPress Postmatic Plugin < 2.2.10 is vulnerable to PHP Object Injection
Software Postmatic Type Plugin Vulnerable versions 2.2.10 Fixed in 2.2.10 OWASP Top 10 A1: Injection Classification PHP Object Injection CVE CVE-2022-4265 Patch priority High CVSS severity High 7.4 Developer Claim ownership PSID 96f8ea22622f Credits Lana Codes Required privilege Subscriber...
CVE-2022-4265 Replyable < 2.2.10 - Subscriber+ PHP Object Injection
The Replyable WordPress plugin before 2.2.10 does not validate the class name submitted by the request when instantiating an object in the promptdismissnotice action and also lacks CSRF check in the related action. This could allow any authenticated users, such as subscriber to perform Object...
CVE-2022-4265 Replyable < 2.2.10 - Subscriber+ PHP Object Injection
The Replyable WordPress plugin before 2.2.10 does not validate the class name submitted by the request when instantiating an object in the promptdismissnotice action and also lacks CSRF check in the related action. This could allow any authenticated users, such as subscriber to perform Object...
CVE-2022-4265
CVE-2022-4265 affects the Replyable WordPress plugin prior to 2.2.10. The vulnerability arises because the plugin does not validate the submitted class name when instantiating an object in the prompt_dismiss_notice action and is missing a CSRF check in the related action, enabling any authenticat...