2 matches found
CVE-2024-1731 Auto Refresh Single Page <= 1.1 - Authenticated (Contributor+) PHP Object Injection
The Auto Refresh Single Page plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.1 via deserialization of untrusted input from the arspoptions post meta option. This makes it possible for authenticated attackers, with contributor-level access and...
WordPress Auto Refresh Single Page Plugin <= 1.1 is vulnerable to PHP Object Injection
Software Auto Refresh Single Page Type Plugin Vulnerable versions = 1.1 Fixed in N/A OWASP Top 10 A1: Injection Classification PHP Object Injection CVE CVE-2024-1731 Patch priority Low CVSS severity Low 8.8 Developer Claim ownership PSID d58385aa0db1 Credits Francesco Carlucci Required privilege...