CVE-2024-12721 Custom Product Tabs For WooCommerce <= 1.2.4 - Authenticated (Shop Manager+) PHP Object Injection

The Custom Product Tabs For WooCommerce plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.2.4 via deserialization of untrusted input from the 'wbcustomtabs' parameter. This makes it possible for authenticated attackers, with Shop Manager-level acce...

WordPress plugin Custom Product Tabs For WooCommerce 代码问题漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A code issue vulnerability exists in...

WordPress Custom Product Tabs For WooCommerce plugin <= 1.2.4 - Authenticated (Shop Manager+) PHP Object Injection vulnerability

Authenticated Shop Manager+ PHP Object Injection vulnerability discovered by Francesco Carlucci in WordPress Plugin Custom Product Tabs For WooCommerce versions = 1.2.4...

WordPress WP SuperBackup plugin <= 2.3.3 - Subscriber+ PHP Object Injection vulnerability

Subscriber+ PHP Object Injection vulnerability discovered by Dave Jong Patchstack in WordPress Plugin WP SuperBackup versions = 2.3.3...

CVE-2024-56058 WordPress VRPConnector plugin <= 2.0.1 - PHP Object Injection vulnerability

Deserialization of Untrusted Data vulnerability in denniskravetstns VRPConnector vrpconnector allows Object Injection.This issue affects VRPConnector: from n/a through = 2.0.1...

CVE-2024-56058

Summary (CVE-2024-56058): WordPress VRPConnector plugin versions ≤ 2.0.1 are affected by a deserialization of untrusted data vulnerability that enables PHP Object Injection. The issue allows unauthenticated attackers to inject a PHP object, potentially leading to compromise such as arbitrary file...

CVE-2024-56059 WordPress Partners plugin <= 0.2.0 - PHP Object Injection vulnerability

Improperly Controlled Modification of Object Prototype Attributes 'Prototype Pollution' vulnerability in farinspace Partners partners allows Object Injection.This issue affects Partners: from n/a through = 0.2.0...

CVE-2024-56059 WordPress Partners plugin <= 0.2.0 - PHP Object Injection vulnerability

Improperly Controlled Modification of Object Prototype Attributes 'Prototype Pollution' vulnerability in Mighty Digital Partners allows Object Injection.This issue affects Partners: from n/a through 0.2.0...

CVE-2024-56059

CVE-2024-56059: WordPress Partners plugin (versions

WordPress Partners plugin <= 0.2.0 - PHP Object Injection vulnerability

PHP Object Injection vulnerability discovered by Le Ngoc Anh Patchstack Alliance in WordPress Plugin Partners versions = 0.2.0...

WordPress VRPConnector plugin <= 2.0.1 - PHP Object Injection vulnerability

PHP Object Injection vulnerability discovered by Le Ngoc Anh Patchstack Alliance in WordPress Plugin VRPConnector versions = 2.0.1...

CVE-2024-54367 WordPress ForumWP plugin <= 2.1.0 - PHP Object Injection vulnerability

Deserialization of Untrusted Data vulnerability in Ultimate Member ForumWP forumwp allows Object Injection.This issue affects ForumWP: from n/a through = 2.1.0...

CVE-2024-54367

CVE-2024-54367 affects ForumWP (ForumWP) up to version 2.1.0. Deserialization of untrusted data enables PHP object injection (unauthenticated). The Red Hat/Wordfence entries indicate the issue is acknowledged and patched in 2.1.0; remediation is to upgrade to the patched version (2.1.0) or later.

CVE-2024-54367 WordPress ForumWP plugin <= 2.1.0 - PHP Object Injection vulnerability

Deserialization of Untrusted Data vulnerability in Ultimate Member ForumWP forumwp allows Object Injection.This issue affects ForumWP: from n/a through = 2.1.0...

CVE-2024-54282 WordPress WP Mega Menu plugin <= 1.4.2 - PHP Object Injection vulnerability

Deserialization of Untrusted Data vulnerability in Themeum WP Mega Menu wp-megamenu allows Object Injection.This issue affects WP Mega Menu: from n/a through = 1.4.2...

CVE-2024-54282 WordPress WP Mega Menu plugin <= 1.4.2 - PHP Object Injection vulnerability

Deserialization of Untrusted Data vulnerability in Themeum WP Mega Menu allows Object Injection.This issue affects WP Mega Menu: from n/a through 1.4.2...

CVE-2024-54273 WordPress Mail Picker plugin <= 1.0.14 - PHP Object Injection vulnerability

Deserialization of Untrusted Data vulnerability in PickPlugins Mail Picker allows Object Injection.This issue affects Mail Picker: from n/a through 1.0.14...

CVE-2024-54273 WordPress Mail Picker plugin <= 1.0.14 - PHP Object Injection vulnerability

Deserialization of Untrusted Data vulnerability in PickPlugins Mail Picker mail-picker allows Object Injection.This issue affects Mail Picker: from n/a through = 1.0.14...

CVE-2024-12312

The Print Science Designer plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.3.152 via deserialization of untrusted input through the 'designer-saved-projects' cookie. This makes it possible for unauthenticated attackers to inject a PHP Object. No...

CVE-2024-12312 Print Science Designer <= 1.3.152 - Unauthenticated PHP Object Injection

The Print Science Designer plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.3.152 via deserialization of untrusted input through the 'designer-saved-projects' cookie. This makes it possible for unauthenticated attackers to inject a PHP Object. No...