3 matches found
CVE-2024-29136
Deserialization of Untrusted Data vulnerability in Themefic Tourfic tourfic.This issue affects Tourfic: from n/a through = 2.11.17...
CVE-2024-29136
CVE-2024-29136 affects the Tourfic WordPress plugin from Themefic, vulnerable to PHP Object Injection via deserialization of untrusted data in all versions up to 2.11.17. The vulnerability requires at least Subscriber+ authentication and could enable attacker-controlled object injection. Public s...
WordPress Tourfic Plugin <= 2.11.17 is vulnerable to PHP Object Injection
Software Tourfic Type Plugin Vulnerable versions = 2.11.17 Fixed in 2.11.19 OWASP Top 10 A3: Injection Classification PHP Object Injection CVE CVE-2024-29136 Patch priority High CVSS severity High 8.5 Developer Themefic PSID 0c2f99b8302e Credits LVT-tholv2k Required privilege Subscriber Published...