3 matches found
CVE-2024-3240
The ConvertPlug plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 3.5.25 via deserialization of untrusted input from the 'settingsencoded' attribute of the 'smileinfobar' shortcode. This makes it possible for authenticated attackers, with...
WordPress ConvertPlus Plugin <= 3.5.25 is vulnerable to PHP Object Injection
Software ConvertPlus Type Plugin Vulnerable versions = 3.5.25 Fixed in 3.5.26 OWASP Top 10 A1: Injection Classification PHP Object Injection CVE CVE-2024-3240 Patch priority Medium CVSS severity Medium 8.5 Developer Claim ownership PSID 5120b9c81ed3 Credits 1337Wannabe Required privilege...
CVE-2024-3240
The ConvertPlug plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 3.5.25 via deserialization of untrusted input from the 'settingsencoded' attribute of the 'smileinfobar' shortcode. This makes it possible for authenticated attackers, with...