3 matches found
CVE-2024-10079
The WP Easy Post Types plugin for WordPress is vulnerable to PHP Object Injection in versions up to, and including, 1.4.4 via deserialization of untrusted input from the 'text' parameter in the 'ajaximportcontent' function. This allows authenticated attackers, with subscriber-level permissions an...
CVE-2024-10079 WP Easy Post Types <= 1.4.4 - Authenticated (Subscriber+) PHP Object Injection
The WP Easy Post Types plugin for WordPress is vulnerable to PHP Object Injection in versions up to, and including, 1.4.4 via deserialization of untrusted input from the 'text' parameter in the 'ajaximportcontent' function. This allows authenticated attackers, with subscriber-level permissions an...
WordPress Easy Post Types Plugin <= 1.4.4 is vulnerable to PHP Object Injection
Software Easy Post Types Type Plugin Vulnerable versions = 1.4.4 Fixed in N/A OWASP Top 10 A1: Injection Classification PHP Object Injection CVE CVE-2024-10079 Patch priority High CVSS severity High 8.8 Developer Claim ownership PSID da4c9b968b4a Credits István Márton Required privilege Subscribe...