WordPress Theme Editor Plugin <= 2.8 is vulnerable to PHP Object Injection
Software: Theme Editor; Type: Plugin; Vulnerable versions: <= 2.8; Fixed in: 2.9; OWASP Top 10: A1: Injection; Classification: PHP Object Injection; CVE: CVE-2022-2440; Patch priority: Low; CVSS severity: Low (5.5); PSID: b13ac324d817; Credits: Rasoul Jahanshahi; Required privilege: Administrator...
WordPress GiveWP Donation / Fundraising Platform 3.14.1 Code Execution Exploit
The GiveWP Donation plugin and Fundraising Platform plugin for WordPress in all versions up to and including 3.14.1 is vulnerable to a PHP object injection (POI) flaw granting an unauthenticated attacker arbitrary code execution. This module requires Metasploit: https://metasploit.com/download...
WordPress GiveWP Donation / Fundraising Platform 3.14.1 Code Execution
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'GiveWP Unauthenticated Donation Process Exploit', 'Description' = %q The GiveWP Donation Plugin and Fundraising Platform plugin for WordPress in...
CVE-2024-8030
The Ultimate Store Kit Elementor Addons, Woocommerce Builder, EDD Builder, Elementor Store Builder, Product Grid, Product Table, Woocommerce Slider plugin is vulnerable to PHP Object Injection via deserialization of untrusted input via the ultimatestorekitwishlist cookie in versions up to , and...
CVE-2024-8030 Ultimate Store Kit Elementor Addons, Woocommerce Builder, EDD Builder, Elementor Store Builder, Product Grid, Product Table, Woocommerce Slider <= 2.0.3 - Unauthenticated PHP Object Injection
The Ultimate Store Kit Elementor Addons, Woocommerce Builder, EDD Builder, Elementor Store Builder, Product Grid, Product Table, Woocommerce Slider plugin is vulnerable to PHP Object Injection via deserialization of untrusted input via the ultimatestorekitwishlist cookie in versions up to , and...
CVE-2024-8030
CVE-2024-8030 affects Ultimate Store Kit Elementor Addons, Woocommerce Builder, EDD Builder, Elementor Store Builder, Product Grid, Product Table, and Woocommerce Slider up to and including 2.0.3. It enables unauthenticated PHP Object Injection via deserialization of input in the _ultimate_store_...
WordPress plugin Ultimate Store Kit Elementor Addons, Woocommerce Builder, EDD Builder, Elementor Store Builder, Product Grid, Product Table, Woocommerce Slider security vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. WordPress plugin Ultimate Store Kit...
PT-2024-38758
Name of the Vulnerable Software and Affected Versions: The Ultimate Store Kit Elementor Addons, Woocommerce Builder, EDD Builder, Elementor Store Builder, Product Grid, Product Table, Woocommerce Slider plugin versions up to, and including, 2.0.3 Description: The issue is related to PHP Object...
WordPress Image Hotspot by DevVN plugin <= 1.2.5 - Authenticated (Author+) PHP Object Injection vulnerability
Authenticated (Author+) PHP Object Injection vulnerability discovered by Lucio Sá in WordPress Plugin Image Hotspot by DevVN versions <= 1.2.5...
WordPress Simple Job Board plugin <= 2.12.3 - Authenticated (Editor+) PHP Object Injection vulnerability
Authenticated (Editor+) PHP Object Injection vulnerability discovered by Francesco Carlucci in WordPress Plugin Simple Job Board versions <= 2.12.3...
WordPress Simple Job Board Plugin <= 2.12.3 is vulnerable to PHP Object Injection
Software: Simple Job Board; Type: Plugin; Vulnerable versions: <= 2.12.3; Fixed in: 2.12.4; OWASP Top 10: A1: Injection; Classification: PHP Object Injection; CVE: CVE-2024-7351; Patch priority: Medium; CVSS severity: Medium (8); PSID: a1947bfcfa95; Credits: Francesco Carlucci; Required privileg...
WordPress Image Hotspot by DevVN Plugin <= 1.2.5 is vulnerable to PHP Object Injection
Software: Image Hotspot by DevVN; Type: Plugin; Vulnerable versions: <= 1.2.5; Fixed in: 1.2.6; OWASP Top 10: A1: Injection; Classification: PHP Object Injection; CVE: CVE-2024-7656; Patch priority: Medium; CVSS severity: Medium (8); PSID: 9842e20a2259; Credits: Lucio Sá; Required privilege: Auth...
Exploit for Deserialization of Untrusted Data in Givewp
This post is a research article published by EQSTLab https://g...
CVE-2024-7656
The Image Hotspot by DevVN plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.2.5 via deserialization of untrusted input in the 'devvn_ihotspot_shortcode_func' function. This makes it possible for authenticated attackers, with Author-level access and...
CVE-2024-7656 Image Hotspot by DevVN <= 1.2.5 - Authenticated (Author+) PHP Object Injection
The Image Hotspot by DevVN plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.2.5 via deserialization of untrusted input in the 'devvn_ihotspot_shortcode_func' function. This makes it possible for authenticated attackers, with Author-level access and...
CVE-2024-7656
CVE-2024-7656 affects Image Hotspot by DevVN for WordPress, vulnerable up to version 1.2.5 due to PHP Object Injection via deserialization in devvn_ihotspot_shortcode_func. Exploitation requires Author-level access or higher; no POP chain is confirmed in the core plugin, but if a POP chain exists...
CVE-2024-7351
The Simple Job Board plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 2.12.3 via deserialization of untrusted input when editing job applications. This makes it possible for authenticated attackers, with Editor-level access and above, to inject a PH...
CVE-2024-7351 Simple Job Board <= 2.12.3 - Authenticated (Editor+) PHP Object Injection
The Simple Job Board plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 2.12.3 via deserialization of untrusted input when editing job applications. This makes it possible for authenticated attackers, with Editor-level access and above, to inject a PH...