Lucene search
K

111 matches found

Prion
Prion
added 2022/09/06 6:15 p.m.21 views

Deserialization of untrusted data

The Migration, Backup, Staging – WPvivid plugin for WordPress is vulnerable to deserialization of untrusted input via the 'path' parameter in versions up to, and including 0.9.74. This makes it possible for authenticated attackers with administrative privileges to call files using a PHAR wrapper...

5.8CVSS6.8AI score0.01408EPSS
Exploits0References5Affected Software1
Prion
Prion
added 2022/09/06 6:15 p.m.19 views

Deserialization of untrusted data

The WordPress Infinite Scroll – Ajax Load More plugin for WordPress is vulnerable to deserialization of untrusted input via the 'almrepeatersexport' parameter in versions up to, and including 5.5.3. This makes it possible for unauthenticated users to call files using a PHAR wrapper, granted they...

6.8CVSS8.6AI score0.01251EPSS
Exploits0References3Affected Software1
Cvelist
Cvelist
added 2022/09/06 5:18 p.m.39 views

CVE-2022-2438 Broken Link Checker <= 1.11.16 - Authenticated (Admin+) PHAR Deserialization

The Broken Link Checker plugin for WordPress is vulnerable to deserialization of untrusted input via the '$logfile' value in versions up to, and including 1.11.16. This makes it possible for authenticated attackers with administrative privileges and above to call files using a PHAR wrapper that...

7.2CVSS7AI score0.01385EPSS
Exploits0References3
Cvelist
Cvelist
added 2022/09/06 5:18 p.m.40 views

CVE-2022-2434 String Locator <= 2.5.0 - Cross-Site Request Forgery to PHAR Deserialization

The String Locator plugin for WordPress is vulnerable to deserialization of untrusted input via the 'string-locator-path' parameter in versions up to, and including 2.5.0. This makes it possible for unauthenticated users to call files using a PHAR wrapper, granted they can trick a site...

8.8CVSS8.8AI score0.01279EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2022/09/06 5:18 p.m.6 views

CVE-2022-2434 String Locator <= 2.5.0 - Cross-Site Request Forgery to PHAR Deserialization

The String Locator plugin for WordPress is vulnerable to deserialization of untrusted input via the 'string-locator-path' parameter in versions up to, and including 2.5.0. This makes it possible for unauthenticated users to call files using a PHAR wrapper, granted they can trick a site...

8.8CVSS7.3AI score0.01279EPSS
Exploits0References4
Cvelist
Cvelist
added 2022/09/06 5:18 p.m.43 views

CVE-2022-2436 Download Manager <= 3.2.49 - Authenticated (Contributor+) PHAR Deserialization

The Download Manager plugin for WordPress is vulnerable to deserialization of untrusted input via the 'filepackagedir' parameter in versions up to, and including 3.2.49. This makes it possible for authenticated attackers with contributor privileges and above to call files using a PHAR wrapper tha...

8.8CVSS8.7AI score0.01408EPSS
Exploits0References4
Cvelist
Cvelist
added 2022/09/06 5:18 p.m.47 views

CVE-2022-2433 WordPress Infinite Scroll – Ajax Load More <= 5.5.3 - Cross-Site Request Forgery to PHAR Deserialization

The WordPress Infinite Scroll – Ajax Load More plugin for WordPress is vulnerable to deserialization of untrusted input via the 'almrepeatersexport' parameter in versions up to, and including 5.5.3. This makes it possible for unauthenticated users to call files using a PHAR wrapper, granted they...

7.5CVSS8.8AI score0.01251EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2022/09/06 12:0 a.m.5 views

PT-2022-16623

Name of the Vulnerable Software and Affected Versions String Locator plugin for WordPress versions up to, and including 2.5.0 Description The issue allows deserialization of untrusted input via the string-locator-path parameter. This enables unauthenticated users to call files using a PHAR wrappe...

8.8CVSS7.3AI score0.01279EPSS
Exploits0References7
ATTACKERKB
ATTACKERKB
added 2022/07/18 5:15 p.m.3 views

CVE-2022-2437

The Feed Them Social – for Twitter feed, Youtube and more plugin for WordPress is vulnerable to deserialization of untrusted input via the 'ftsurl' parameter in versions up to, and including 2.9.8.5. This makes it possible for unauthenticated attackers to call files using a PHAR wrapper that will...

9.8CVSS6AI score0.0134EPSS
Exploits0References4
NVD
NVD
added 2022/07/18 5:15 p.m.38 views

CVE-2022-2444

The Visualizer: Tables and Charts Manager for WordPress plugin for WordPress is vulnerable to deserialization of untrusted input via the 'remotedata' parameter in versions up to, and including 3.7.9. This makes it possible for authenticated attackers with contributor privileges and above to call...

8.8CVSS0.01762EPSS
Exploits0References6
ATTACKERKB
ATTACKERKB
added 2022/07/18 5:15 p.m.20 views

CVE-2022-2444

The Visualizer: Tables and Charts Manager for WordPress plugin for WordPress is vulnerable to deserialization of untrusted input via the 'remotedata' parameter in versions up to, and including 3.7.9. This makes it possible for authenticated attackers with contributor privileges and above to call...

8.8CVSS6AI score0.01762EPSS
Exploits0References7
Prion
Prion
added 2022/07/18 5:15 p.m.18 views

Deserialization of untrusted data

The Visualizer: Tables and Charts Manager for WordPress plugin for WordPress is vulnerable to deserialization of untrusted input via the 'remotedata' parameter in versions up to, and including 3.7.9. This makes it possible for authenticated attackers with contributor privileges and above to call...

6.5CVSS8.4AI score0.01762EPSS
Exploits0References6Affected Software1
Prion
Prion
added 2022/07/18 5:15 p.m.14 views

Deserialization of untrusted data

The Feed Them Social – for Twitter feed, Youtube and more plugin for WordPress is vulnerable to deserialization of untrusted input via the 'ftsurl' parameter in versions up to, and including 2.9.8.5. This makes it possible for unauthenticated attackers to call files using a PHAR wrapper that will...

7.5CVSS9.4AI score0.0134EPSS
Exploits0References3Affected Software1
CVE
CVE
added 2022/07/18 4:13 p.m.81 views

CVE-2022-2437

CVE-2022-2437 affects the WordPress plugin Feed Them Social (versions up to and including 2.9.8.5). The vulnerability is described as deserialization of untrusted input through the fts_url parameter, enabling an unauthenticated attacker to trigger a PHAR wrapper to deserialize data and invoke arb...

9.8CVSS9.4AI score0.0134EPSS
Exploits0References3Affected Software1
CVE
CVE
added 2022/07/18 4:13 p.m.69 views

CVE-2022-2444

The CVE-2022-2444 issue affects the WordPress plugin Visualizer (Tables and Charts Manager) up to version 3.7.9. It hinges on deserialization of untrusted input via the remote_data parameter, allowing authenticated attackers with contributor privileges to upload a payload that can be executed thr...

8.8CVSS8.5AI score0.01762EPSS
Exploits0References6Affected Software1
Vulnrichment
Vulnrichment
added 2022/07/18 4:13 p.m.9 views

CVE-2022-2444 Visualizer: Tables and Charts Manager for WordPress <= 3.7.9 - Authenticated (Contributor+) PHAR Deserialization

The Visualizer: Tables and Charts Manager for WordPress plugin for WordPress is vulnerable to deserialization of untrusted input via the 'remotedata' parameter in versions up to, and including 3.7.9. This makes it possible for authenticated attackers with contributor privileges and above to call...

8.8CVSS7.4AI score0.01762EPSS
Exploits0References6
CNNVD
CNNVD
added 2022/07/18 12:0 a.m.4 views

WordPress plugin Feed Them Social 代码问题漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. WordPress plugin Feed Them...

9.8CVSS8.6AI score0.0134EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2022/07/18 12:0 a.m.7 views

PT-2022-16649 · WordPress · Feed Them Social

Name of the Vulnerable Software and Affected Versions: Feed Them Social – for Twitter feed, Youtube and more plugin for WordPress versions up to, and including 2.9.8.5 Description: The issue allows deserialization of untrusted input via the fts url parameter. This enables unauthenticated attacker...

9.8CVSS9.6AI score0.0134EPSS
Exploits0References8
Positive Technologies
Positive Technologies
added 2022/07/18 12:0 a.m.25 views

PT-2022-16697 · WordPress · The Visualizer: Tables/Charts Manager For Wordpress

Name of the Vulnerable Software and Affected Versions: The Visualizer: Tables and Charts Manager for WordPress versions up to, and including 3.7.9 Description: The issue concerns deserialization of untrusted input via the remote data parameter. This allows authenticated attackers with contributor...

8.8CVSS8.6AI score0.01762EPSS
Exploits0References11
WPVulnDB
WPVulnDB
added 2022/07/05 12:0 a.m.23 views

Visualizer: Tables and Charts Manager for WordPress < 3.7.10 - Contributor+ PHAR Deserialization

The plugin does not validate the ‘remotedata’ parameter allowing contributor and above roles to call files using a PHAR wrapper that will deserialize the data and call arbitrary PHP objects when a POP chain is present...

3.8CVSS3.4AI score0.00572EPSS
Exploits0Affected Software1
Rows per page
Query Builder