CVE-2024-7433

CVE-2024-7433 (Empowerment theme for WordPress) is an authenticated object-injection vulnerability. The Empowerment theme (versions ≤ 1.0.2) allows deserialization of untrusted input, enabling attackers with Contributor+ privileges to inject a PHP object. The base vulnerability description notes ...

CVE-2024-7433 Empowerment <= 1.0.2 - Authenticated (Contributor+) PHP Object Injection

The Empowerment theme for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.0.2 via deserialization of untrusted input. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject a PHP Object. No known POP chain is...

CVE-2024-7432 Unseen Blog <= 1.0.0 - Authenticated (Contributor+) PHP Object Injection

The Unseen Blog theme for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.0.0 via deserialization of untrusted input. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject a PHP Object. No known POP chain is...

CVE-2024-7432 Unseen Blog <= 1.0.0 - Authenticated (Contributor+) PHP Object Injection

The Unseen Blog theme for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.0.0 via deserialization of untrusted input. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject a PHP Object. No known POP chain is...

CVE-2024-7432

CVE-2024-7432 — Unseen Blog Theme (WordPress) is affected up to version 1.0.0. The issue is a PHP Object Injection via deserialization of untrusted input. Authenticated attackers with Contributor-level access or higher can inject a PHP object. No POP chain is confirmed in the core vulnerable soft...

WordPress UltraPress theme <= 1.2.1 - Authenticated (Contributor+) PHP Object Injection vulnerability

Authenticated Contributor+ PHP Object Injection vulnerability discovered by Francesco Carlucci in WordPress Theme UltraPress versions = 1.2.1...

WordPress UltraPress Theme <= 1.2.1 is vulnerable to PHP Object Injection

Software UltraPress Type Theme Vulnerable versions = 1.2.1 Fixed in N/A OWASP Top 10 A1: Injection Classification PHP Object Injection CVE CVE-2024-7434 Patch priority Medium CVSS severity Medium 8.8 Developer Claim ownership PSID 4b0bbff9d028 Credits Francesco Carlucci Required privilege...

WordPress plugin Unseen Blog 代码问题漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A code issue vulnerability...

WordPress plugin UltraPress 代码问题漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A code issue...

PT-2024-38345 · WordPress · Ultrapress

Name of the Vulnerable Software and Affected Versions: UltraPress theme for WordPress versions up to, and including, 1.2.1 Description: The UltraPress theme for WordPress is vulnerable to PHP Object Injection via deserialization of untrusted input. This makes it possible for authenticated...

WordPress Unseen Blog Theme <= 1.0.0 is vulnerable to PHP Object Injection

Software Unseen Blog Type Theme Vulnerable versions = 1.0.0 Fixed in N/A OWASP Top 10 A1: Injection Classification PHP Object Injection CVE CVE-2024-7432 Patch priority Medium CVSS severity Medium 8.8 Developer Claim ownership PSID acc2ad92c272 Credits Francesco Carlucci Required privilege...

WordPress Empowerment Theme <= 1.0.2 is vulnerable to PHP Object Injection

Software Empowerment Type Theme Vulnerable versions = 1.0.2 Fixed in N/A OWASP Top 10 A1: Injection Classification PHP Object Injection CVE CVE-2024-7433 Patch priority Medium CVSS severity Medium 8.8 Developer Claim ownership PSID 0e87e0a8a717 Credits Francesco Carlucci Required privilege...

Exploit for Deserialization of Untrusted Data in Givewp

This post is a research article published by EQSTLabhttps://g...

WordPress WP JobSearch plugin <= 2.5.9 - PHP Object Injection vulnerability

PHP Object Injection vulnerability discovered by Bonds Patchstack Alliance in WordPress Plugin JobSearch versions = 2.5.9...

WordPress GiveWP Plugin <= 3.16.2 is vulnerable to PHP Object Injection

Software GiveWP Type Plugin Vulnerable versions = 3.16.2 Fixed in 3.16.3 OWASP Top 10 A1: Injection Classification PHP Object Injection CVE CVE-2024-8353 Patch priority High CVSS severity High 10 Developer Liquid Web / StellarWP PSID ab27727ec281 Credits cuokon Required privilege Unauthenticated...

WordPress JobSearch Plugin <= 2.5.9 is vulnerable to PHP Object Injection

Software JobSearch Type Plugin Vulnerable versions = 2.5.9 Fixed in 2.6.1 OWASP Top 10 A3: Injection Classification PHP Object Injection CVE CVE-2024-47636 Patch priority High CVSS severity High 9.8 Developer Claim ownership PSID 5e0aa88de68e Credits Bonds Required privilege Unauthenticated...

CVE-2024-8353

The GiveWP – Donation Plugin and Fundraising Platform plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 3.16.1 via deserialization of untrusted input via several parameters like 'givetitle' and 'cardaddress'. This makes it possible for unauthenticate...

CVE-2024-8353

The GiveWP – Donation Plugin and Fundraising Platform plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 3.16.1 via deserialization of untrusted input via several parameters like 'givetitle' and 'cardaddress'. This makes it possible for unauthenticate...

CVE-2024-8353 GiveWP – Donation Plugin and Fundraising Platform <= 3.16.1 - Unauthenticated PHP Object Injection

The GiveWP – Donation Plugin and Fundraising Platform plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 3.16.1 via deserialization of untrusted input via several parameters like 'givetitle' and 'cardaddress'. This makes it possible for unauthenticate...

CVE-2024-8353

The CVE-2024-8353 entry documents a PHP Object Injection in the GiveWP WordPress plugin up to version 3.16.1, exploitable via deserialization of untrusted input (examples: give_title, card_address). A POP chain can enable arbitrary file deletion and remote code execution. This is aligned with CVE...