
3726 matches found

Cvelist
added 2024/08/24 7:33 a.m. · 21 views

CVE-2024-7351 Simple Job Board <= 2.12.3 - Authenticated (Editor+) PHP Object Injection

The Simple Job Board plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 2.12.3 via deserialization of untrusted input when editing job applications. This makes it possible for authenticated attackers, with Editor-level access and above, to inject a PH...

CVSS 7.2 · EPSS 0.0062
Exploits 0 · References 2
CVE
added 2024/08/24 7:33 a.m. · 49 views

CVE-2024-7351

CVE-2024-7351 affects the WordPress plugin “Simple Job Board” (versions up to and including 2.12.3). The vulnerability is a PHP Object Injection via deserialization of untrusted input when updating job applications, exploitable by authenticated users with Editor+ privileges. The initial disclosur...

CVSS 7.2 · AI score 7 · EPSS 0.0062
Exploits 0 · References 2 · Affected Software 1
Positive Technologies
added 2024/08/24 12:0 a.m. · 2 views

PT-2024-38282 · WordPress · Simple Job Board

Name of the Vulnerable Software and Affected Versions: Simple Job Board plugin for WordPress versions up to, and including, 2.12.3 Description: The Simple Job Board plugin for WordPress is vulnerable to PHP Object Injection via deserialization of untrusted input when editing job applications. Thi...

CVSS 7.2 · AI score 7.1 · EPSS 0.0062
Exploits 0 · References 9
CNNVD
added 2024/08/24 12:0 a.m. · 3 views

WordPress plugin Image Hotspot by DevVN security vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation, a blogging platform developed in PHP. WordPress plugin is an application plugin that supports personal blogs on PHP and MySQL servers. A security vulnerability exists in the WordPress plugin Image Hotspot by DevVN versi...

CVSS 8.8 · AI score 6.9 · EPSS 0.00783
Exploits 0 · References 4
OSV
added 2024/08/21 9:15 a.m. · 2 views

CVE-2024-5335

The Ultimate Store Kit Elementor Addons, Woocommerce Builder, EDD Builder, Elementor Store Builder, Product Grid, Product Table, Woocommerce Slider plugin is vulnerable to PHP Object Injection via deserialization of untrusted input via the _ultimate_store_kit_compare_products cookie in versions up to ...

CVSS 9.8 · AI score 6 · EPSS 0.00852
Exploits 0 · References 3
NVD
added 2024/08/21 9:15 a.m. · 9 views

CVE-2024-5335

The Ultimate Store Kit Elementor Addons, Woocommerce Builder, EDD Builder, Elementor Store Builder, Product Grid, Product Table, Woocommerce Slider plugin is vulnerable to PHP Object Injection via deserialization of untrusted input via the _ultimate_store_kit_compare_products cookie in versions up to ...

CVSS 9.8 · EPSS 0.00852
Exploits 0 · References 3
Cvelist
added 2024/08/21 8:29 a.m. · 17 views

CVE-2024-5335 Ultimate Store Kit Elementor Addons, Woocommerce Builder, EDD Builder, Elementor Store Builder, Product Grid, Product Table, Woocommerce Slider <= 1.6.4 - Unauthenticated PHP Object Injection

The Ultimate Store Kit Elementor Addons, Woocommerce Builder, EDD Builder, Elementor Store Builder, Product Grid, Product Table, Woocommerce Slider plugin is vulnerable to PHP Object Injection via deserialization of untrusted input via the _ultimate_store_kit_compare_products cookie in versions up to ...

CVSS 9.8 · EPSS 0.00852
Exploits 0 · References 3
Vulnrichment
added 2024/08/21 8:29 a.m. · 10 views

CVE-2024-5335 Ultimate Store Kit Elementor Addons, Woocommerce Builder, EDD Builder, Elementor Store Builder, Product Grid, Product Table, Woocommerce Slider <= 1.6.4 - Unauthenticated PHP Object Injection

The Ultimate Store Kit Elementor Addons, Woocommerce Builder, EDD Builder, Elementor Store Builder, Product Grid, Product Table, Woocommerce Slider plugin is vulnerable to PHP Object Injection via deserialization of untrusted input via the _ultimate_store_kit_compare_products cookie in versions up to ...

CVSS 9.8 · AI score 7.5 · EPSS 0.00852
Exploits 0 · References 3
CVE
added 2024/08/21 8:29 a.m. · 51 views

CVE-2024-5335

CVE-2024-5335 affects the WordPress plugin Ultimate Store Kit Elementor Addons (and related components) up to version 1.6.4. The vulnerability is an unauthenticated PHP Object Injection resulting from deserialization of untrusted input via the _ultimate_store_kit_compare_products cookie. The Word...

CVSS 9.8 · AI score 9.7 · EPSS 0.00852
Exploits 0 · References 3 · Affected Software 1
The Hacker News
added 2024/08/21 4:35 a.m. · 63 views

GiveWP WordPress Plugin Vulnerability Puts 100,000+ Websites at Risk

A maximum-severity security flaw has been disclosed in the WordPress GiveWP donation and fundraising plugin that exposes more than 100,000 websites to remote code execution attacks. The flaw, tracked as CVE-2024-5932 (CVSS score: 10.0), impacts all versions of the plugin prior to version 3.14.2,...

CVSS 10 · AI score 8.6 · EPSS 0.74427
Exploits 11
CNNVD
added 2024/08/21 12:0 a.m. · 3 views

WordPress plugin Woo Inquiry security vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security vulnerability...

CVSS 9.8 · AI score 6.9 · EPSS 0.00852
Exploits 0 · References 4
NVD
added 2024/08/20 2:15 a.m. · 41 views

CVE-2024-5932

The GiveWP – Donation Plugin and Fundraising Platform plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 3.14.1 via deserialization of untrusted input from the 'give_title' parameter. This makes it possible for unauthenticated attackers to inject a PHP...

CVSS 10 · EPSS 0.74427
Exploits 11 · References 8
Cvelist
added 2024/08/20 2:3 a.m. · 55 views

CVE-2024-5932 GiveWP – Donation Plugin and Fundraising Platform <= 3.14.1 - Unauthenticated PHP Object Injection to Remote Code Execution

The GiveWP – Donation Plugin and Fundraising Platform plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 3.14.1 via deserialization of untrusted input from the 'give_title' parameter. This makes it possible for unauthenticated attackers to inject a PHP...

CVSS 10 · EPSS 0.74427
Exploits 11 · References 8
Vulnrichment
added 2024/08/20 2:3 a.m. · 130 views

CVE-2024-5932 GiveWP – Donation Plugin and Fundraising Platform <= 3.14.1 - Unauthenticated PHP Object Injection to Remote Code Execution

The GiveWP – Donation Plugin and Fundraising Platform plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 3.14.1 via deserialization of untrusted input from the 'give_title' parameter. This makes it possible for unauthenticated attackers to inject a PHP...

CVSS 10 · AI score 7.7 · EPSS 0.74427
Exploits 11 · References 8
CVE
added 2024/08/20 2:3 a.m. · 308 views

CVE-2024-5932

CVE-2024-5932 (GiveWP PHP Object Injection) involves the GiveWP WordPress plugin vulnerable to deserialization of untrusted input via the give_title parameter, enabling an unauthenticated POP chain that can lead to remote code execution and arbitrary file deletion. Technical details across connec...

CVSS 10 · AI score 9.8 · EPSS 0.74427
Exploits 11 · References 8 · Affected Software 1
Cvelist
added 2024/08/19 5:22 p.m. · 18 views

CVE-2024-43252 WordPress Crew HRM plugin <= 1.1.1 - PHP Object Injection vulnerability

Deserialization of Untrusted Data vulnerability in Crew HRM Crew HRM hr-management. This issue affects Crew HRM: from n/a through = 1.1.1...

CVSS 9 · EPSS 0.00442
Exploits 0 · References 1
Vulnrichment
added 2024/08/19 5:22 p.m. · 10 views

CVE-2024-43252 WordPress Crew HRM plugin <= 1.1.1 - PHP Object Injection vulnerability

Deserialization of Untrusted Data vulnerability in Crew HRM Crew HRM hr-management. This issue affects Crew HRM: from n/a through = 1.1.1...

CVSS 9 · AI score 5.2 · EPSS 0.00442
Exploits 0 · References 1
Cvelist
added 2024/08/19 4:51 p.m. · 36 views

CVE-2024-37099 WordPress GiveWP plugin <= 3.14.1 - Unauthenticated PHP Object Injection vulnerability

Deserialization of Untrusted Data vulnerability in Liquid Web GiveWP allows Object Injection. This issue affects GiveWP: from n/a through 3.14.1...

CVSS 10 · EPSS 0.00558
Exploits 0 · References 1
Wordfence Blog
added 2024/08/19 3:19 p.m. · 113 views

$4,998 Bounty Awarded and 100,000 WordPress Sites Protected Against Unauthenticated Remote Code Execution Vulnerability Patched in GiveWP WordPress Plugin

📢 Did you know Wordfence runs a Bug Bounty Program for all WordPress plugin and themes at no cost to vendors? Through October 14th, researchers can earn up to $31,200, for all in-scope vulnerabilities submitted to our Bug Bounty Program! Find a vulnerability, submit the details directly to us, an...

CVSS 10 · AI score 8.6 · EPSS 0.74427
Exploits 11
Positive Technologies
added 2024/08/19 12:0 a.m. · 8 views

PT-2024-6172

Name of the Vulnerable Software and Affected Versions: GiveWP versions 3.14.1 and earlier Description: The GiveWP plugin for WordPress is vulnerable to PHP Object Injection via deserialization of untrusted input from the give_title parameter. This vulnerability allows unauthenticated attackers to...

CVSS 10 · AI score 8.9 · EPSS 0.74427
Exploits 11 · References 100