CVE-2024-6152

The Flipbox Builder plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.5 via deserialization of untrusted input in the flipboxbuilderFlipboxShortCode function. This makes it possible for authenticated attackers, with Contributor-level access and...

WordPress Flipbox Builder plugin <= 1.5 - Authenticated (Contributor+) PHP Object Injection vulnerability

Authenticated Contributor+ PHP Object Injection vulnerability discovered by Francesco Carlucci in WordPress Plugin Flipbox Builder versions = 1.5...

WordPress Flipbox Builder Plugin <= 1.5 is vulnerable to PHP Object Injection

Software Flipbox Builder Type Plugin Vulnerable versions = 1.5 Fixed in N/A OWASP Top 10 A1: Injection Classification PHP Object Injection CVE CVE-2024-6152 Patch priority Medium CVSS severity Medium 8.5 Developer Claim ownership PSID 06c48daece2a Credits Francesco Carlucci Required privilege...

CVE-2024-6152

The Flipbox Builder plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.5 via deserialization of untrusted input in the flipboxbuilderFlipboxShortCode function. This makes it possible for authenticated attackers, with Contributor-level access and...

CVE-2024-6152

CVE-2024-6152 describes a PHP object injection in the WordPress plugin Flipbox Builder (versions ≤ 1.5) via deserialization in the flipbox_builder_Flipbox_ShortCode function. Authenticated attackers with Contributor-level access or higher can inject a PHP object. No POP chain is known in the core...

WordPress plugin Flipbox Builder 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability...

PT-2024-37417 · WordPress · Flipbox Builder

Name of the Vulnerable Software and Affected Versions: Flipbox Builder plugin for WordPress versions up to, and including, 1.5 Description: The issue allows authenticated attackers with Contributor-level access and above to inject a PHP Object via deserialization of untrusted input in the flipbox...