3 matches found
CVE-2024-7560
The News Flash theme for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.1.0 via deserialization of untrusted input from the newsflashpostmeta meta value. This makes it possible for authenticated attackers, with Editor-level access and above, to inject a PH...
CVE-2024-7560 News Flash <= 1.1.0 - Authenticated (Editor+) PHP Object Injection
The News Flash theme for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.1.0 via deserialization of untrusted input from the newsflashpostmeta meta value. This makes it possible for authenticated attackers, with Editor-level access and above, to inject a PH...
WordPress News Flash Theme <= 1.1.0 is vulnerable to PHP Object Injection
Software News Flash Type Theme Vulnerable versions = 1.1.0 Fixed in N/A OWASP Top 10 A1: Injection Classification PHP Object Injection CVE CVE-2024-7560 Patch priority Medium CVSS severity Medium 8.8 Developer Claim ownership PSID 645105e26eb0 Credits Francesco Carlucci Required privilege Editor...