3 matches found
CVE-2024-5649 Universal Slider <= 1.6.5 - Authenticated (Contributor+) PHP Object Injection
The Universal Slider plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.6.5 via deserialization of untrusted input 'fslgetgalleryvalue' function. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject ...
CVE-2024-5649 Universal Slider <= 1.6.5 - Authenticated (Contributor+) PHP Object Injection
The Universal Slider plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.6.5 via deserialization of untrusted input 'fslgetgalleryvalue' function. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject ...
WordPress Universal Slider Plugin <= 1.6.5 is vulnerable to PHP Object Injection
Software Universal Slider Type Plugin Vulnerable versions = 1.6.5 Fixed in N/A OWASP Top 10 A1: Injection Classification PHP Object Injection CVE CVE-2024-5649 Patch priority Low CVSS severity Low 5.4 Developer Claim ownership PSID 2d895bf03490 Credits Francesco Carlucci Required privilege...