2 matches found
CVE-2024-10936
The String locator plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 2.6.6 via deserialization of untrusted input in the 'recursiveunserializereplace' function. This makes it possible for unauthenticated attackers to inject a PHP Object. No known POP...
CVE-2024-10936
CVE-2024-10936 relates to the WordPress String Locator plugin (versions up to 2.6.6). The vulnerability enables unauthenticated PHP Object Injection via deserialization in the recursive_unserialize_replace function. If a POP chain exists through another plugin/theme, an attacker could delete arbi...