2 matches found
CVE-2024-7433 Empowerment <= 1.0.2 - Authenticated (Contributor+) PHP Object Injection
The Empowerment theme for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.0.2 via deserialization of untrusted input. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject a PHP Object. No known POP chain is...
WordPress Empowerment Theme <= 1.0.2 is vulnerable to PHP Object Injection
Software Empowerment Type Theme Vulnerable versions = 1.0.2 Fixed in N/A OWASP Top 10 A1: Injection Classification PHP Object Injection CVE CVE-2024-7433 Patch priority Medium CVSS severity Medium 8.8 Developer Claim ownership PSID 0e87e0a8a717 Credits Francesco Carlucci Required privilege...