Lucene search
K

4 matches found

NVD
NVD
added 2024/04/09 7:15 p.m.11 views

CVE-2024-1792

The CMB2 plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 2.10.1 via deserialization of untrusted input from the textdatetimetimestamptimezone field. This makes it possible for authenticated attackers, with contributor access or higher, to inject a...

7.5CVSS7.6AI score0.00822EPSS
Exploits0References2
Cvelist
Cvelist
added 2024/04/09 6:59 p.m.24 views

CVE-2024-1792 CMB2 <= 2.10.1 - Authenticated (Contributor+) PHP Object Injection

The CMB2 plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 2.10.1 via deserialization of untrusted input from the textdatetimetimestamptimezone field. This makes it possible for authenticated attackers, with contributor access or higher, to inject a...

7.5CVSS7.8AI score0.00822EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2024/04/09 6:59 p.m.14 views

CVE-2024-1792 CMB2 <= 2.10.1 - Authenticated (Contributor+) PHP Object Injection

The CMB2 plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 2.10.1 via deserialization of untrusted input from the textdatetimetimestamptimezone field. This makes it possible for authenticated attackers, with contributor access or higher, to inject a...

7.5CVSS7.5AI score0.00822EPSS
Exploits0References2
CVE
CVE
added 2024/04/09 6:59 p.m.64 views

CVE-2024-1792

The CVE-2024-1792 entry concerns the CMB2 WordPress plugin, affected in all versions up to and including 2.10.1. The flaw is a PHP Object Injection via deserialization of untrusted input in the text_datetime_timestamp_timezone field, which authenticated attackers with contributor access or higher...

7.5CVSS9.4AI score0.00822EPSS
Exploits0References2
Rows per page
Query Builder