4 matches found
CVE-2024-1792
The CMB2 plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 2.10.1 via deserialization of untrusted input from the textdatetimetimestamptimezone field. This makes it possible for authenticated attackers, with contributor access or higher, to inject a...
CVE-2024-1792 CMB2 <= 2.10.1 - Authenticated (Contributor+) PHP Object Injection
The CMB2 plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 2.10.1 via deserialization of untrusted input from the textdatetimetimestamptimezone field. This makes it possible for authenticated attackers, with contributor access or higher, to inject a...
CVE-2024-1792 CMB2 <= 2.10.1 - Authenticated (Contributor+) PHP Object Injection
The CMB2 plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 2.10.1 via deserialization of untrusted input from the textdatetimetimestamptimezone field. This makes it possible for authenticated attackers, with contributor access or higher, to inject a...
CVE-2024-1792
The CVE-2024-1792 entry concerns the CMB2 WordPress plugin, affected in all versions up to and including 2.10.1. The flaw is a PHP Object Injection via deserialization of untrusted input in the text_datetime_timestamp_timezone field, which authenticated attackers with contributor access or higher...