111 matches found
Deserialization of untrusted data
The Migration, Backup, Staging – WPvivid plugin for WordPress is vulnerable to deserialization of untrusted input via the 'path' parameter in versions up to, and including 0.9.74. This makes it possible for authenticated attackers with administrative privileges to call files using a PHAR wrapper...
Deserialization of untrusted data
The WordPress Infinite Scroll – Ajax Load More plugin for WordPress is vulnerable to deserialization of untrusted input via the 'almrepeatersexport' parameter in versions up to, and including 5.5.3. This makes it possible for unauthenticated users to call files using a PHAR wrapper, granted they...
CVE-2022-2438 Broken Link Checker <= 1.11.16 - Authenticated (Admin+) PHAR Deserialization
The Broken Link Checker plugin for WordPress is vulnerable to deserialization of untrusted input via the '$logfile' value in versions up to, and including 1.11.16. This makes it possible for authenticated attackers with administrative privileges and above to call files using a PHAR wrapper that...
CVE-2022-2434 String Locator <= 2.5.0 - Cross-Site Request Forgery to PHAR Deserialization
The String Locator plugin for WordPress is vulnerable to deserialization of untrusted input via the 'string-locator-path' parameter in versions up to, and including 2.5.0. This makes it possible for unauthenticated users to call files using a PHAR wrapper, granted they can trick a site...
CVE-2022-2434 String Locator <= 2.5.0 - Cross-Site Request Forgery to PHAR Deserialization
The String Locator plugin for WordPress is vulnerable to deserialization of untrusted input via the 'string-locator-path' parameter in versions up to, and including 2.5.0. This makes it possible for unauthenticated users to call files using a PHAR wrapper, granted they can trick a site...
CVE-2022-2436 Download Manager <= 3.2.49 - Authenticated (Contributor+) PHAR Deserialization
The Download Manager plugin for WordPress is vulnerable to deserialization of untrusted input via the 'filepackagedir' parameter in versions up to, and including 3.2.49. This makes it possible for authenticated attackers with contributor privileges and above to call files using a PHAR wrapper tha...
CVE-2022-2433 WordPress Infinite Scroll – Ajax Load More <= 5.5.3 - Cross-Site Request Forgery to PHAR Deserialization
The WordPress Infinite Scroll – Ajax Load More plugin for WordPress is vulnerable to deserialization of untrusted input via the 'almrepeatersexport' parameter in versions up to, and including 5.5.3. This makes it possible for unauthenticated users to call files using a PHAR wrapper, granted they...
PT-2022-16623
Name of the Vulnerable Software and Affected Versions String Locator plugin for WordPress versions up to, and including 2.5.0 Description The issue allows deserialization of untrusted input via the string-locator-path parameter. This enables unauthenticated users to call files using a PHAR wrappe...
CVE-2022-2437
The Feed Them Social – for Twitter feed, Youtube and more plugin for WordPress is vulnerable to deserialization of untrusted input via the 'ftsurl' parameter in versions up to, and including 2.9.8.5. This makes it possible for unauthenticated attackers to call files using a PHAR wrapper that will...
CVE-2022-2444
The Visualizer: Tables and Charts Manager for WordPress plugin for WordPress is vulnerable to deserialization of untrusted input via the 'remotedata' parameter in versions up to, and including 3.7.9. This makes it possible for authenticated attackers with contributor privileges and above to call...
CVE-2022-2444
The Visualizer: Tables and Charts Manager for WordPress plugin for WordPress is vulnerable to deserialization of untrusted input via the 'remotedata' parameter in versions up to, and including 3.7.9. This makes it possible for authenticated attackers with contributor privileges and above to call...
Deserialization of untrusted data
The Visualizer: Tables and Charts Manager for WordPress plugin for WordPress is vulnerable to deserialization of untrusted input via the 'remotedata' parameter in versions up to, and including 3.7.9. This makes it possible for authenticated attackers with contributor privileges and above to call...
Deserialization of untrusted data
The Feed Them Social – for Twitter feed, Youtube and more plugin for WordPress is vulnerable to deserialization of untrusted input via the 'ftsurl' parameter in versions up to, and including 2.9.8.5. This makes it possible for unauthenticated attackers to call files using a PHAR wrapper that will...
CVE-2022-2437
CVE-2022-2437 affects the WordPress plugin Feed Them Social (versions up to and including 2.9.8.5). The vulnerability is described as deserialization of untrusted input through the fts_url parameter, enabling an unauthenticated attacker to trigger a PHAR wrapper to deserialize data and invoke arb...
CVE-2022-2444
The CVE-2022-2444 issue affects the WordPress plugin Visualizer (Tables and Charts Manager) up to version 3.7.9. It hinges on deserialization of untrusted input via the remote_data parameter, allowing authenticated attackers with contributor privileges to upload a payload that can be executed thr...
CVE-2022-2444 Visualizer: Tables and Charts Manager for WordPress <= 3.7.9 - Authenticated (Contributor+) PHAR Deserialization
The Visualizer: Tables and Charts Manager for WordPress plugin for WordPress is vulnerable to deserialization of untrusted input via the 'remotedata' parameter in versions up to, and including 3.7.9. This makes it possible for authenticated attackers with contributor privileges and above to call...
WordPress plugin Feed Them Social 代码问题漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. WordPress plugin Feed Them...
PT-2022-16649 · WordPress · Feed Them Social
Name of the Vulnerable Software and Affected Versions: Feed Them Social – for Twitter feed, Youtube and more plugin for WordPress versions up to, and including 2.9.8.5 Description: The issue allows deserialization of untrusted input via the fts url parameter. This enables unauthenticated attacker...
PT-2022-16697 · WordPress · The Visualizer: Tables/Charts Manager For Wordpress
Name of the Vulnerable Software and Affected Versions: The Visualizer: Tables and Charts Manager for WordPress versions up to, and including 3.7.9 Description: The issue concerns deserialization of untrusted input via the remote data parameter. This allows authenticated attackers with contributor...
Visualizer: Tables and Charts Manager for WordPress < 3.7.10 - Contributor+ PHAR Deserialization
The plugin does not validate the ‘remotedata’ parameter allowing contributor and above roles to call files using a PHAR wrapper that will deserialize the data and call arbitrary PHP objects when a POP chain is present...