5 matches found
WordPress PGS Core plugin <= 5.8.0 - Unauthenticated PHP Object Injection vulnerability
Unauthenticated PHP Object Injection vulnerability discovered by István Márton in WordPress Plugin PGS Core versions = 5.8.0...
CVE-2025-0855
creationtimestamp| type| source ---|---|--- 2025-05-06 23:22:18+00:00| seen| https://t.me/DarkWebInformerCVEAlerts/15237 2025-05-07 00:03:21+00:00| seen| https://bsky.app/profile/2rZiKKbOU3nTafniR2qMMSE0gwZ.activitypub.awakari.com.ap.brid.gy/post/3lok3r3qtkse2 2025-05-07 02:21:07+00:00| seen|...
CVE-2025-0855
The PGS Core plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 5.8.0 via deserialization of untrusted input in the 'importheader' function. This makes it possible for unauthenticated attackers to inject a PHP Object. No known POP chain is present in...
CVE-2025-0855
CVE-2025-0855 affects the WordPress PGS Core plugin up to and including v5.8.0, enabling unauthenticated PHP Object Injection via deserialization in import_header. Impact ranges from arbitrary file deletion and data exposure to potential code execution if a POP chain exists with another plugin/th...
CVE-2025-0855 PGS Core <= 5.8.0 - Unauthenticated PHP Object Injection
The PGS Core plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 5.8.0 via deserialization of untrusted input in the 'importheader' function. This makes it possible for unauthenticated attackers to inject a PHP Object. No known POP chain is present in...