WordPress WooCommerce Social Login Plugin <= 2.6.3 is vulnerable to PHP Object Injection
Software: WooCommerce Social Login | Type: Plugin | Vulnerable versions: <= 2.6.3 | Fixed in: 2.7.0 | OWASP Top 10: A5: Security Misconfiguration | Classification: PHP Object Injection | CVE: CVE-2024-37502 | Patch priority: Medium | CVSS severity: Medium 5.4 | PSID: 642655a733d8 | Credits: Ananda Dhak...
CVE-2024-37212 WordPress AliExpress Dropshipping with AliNext Lite plugin <= 3.3.5 - CSRF to PHP Object Injection vulnerability
Cross-Site Request Forgery (CSRF) vulnerability in Ali2Woo Ali2Woo Lite. This issue affects Ali2Woo Lite: from n/a through 3.3.5...
CVE-2024-35780 WordPress Page Builder: Live Composer plugin <= 1.5.42 - Contributor+ PHP Object Injection vulnerability
Deserialization of Untrusted Data vulnerability in Live Composer Team Page Builder: Live Composer. This issue affects Page Builder: Live Composer: from n/a through 1.5.42...
CVE-2024-35780
CVE-2024-35780: Live Composer Page Builder for WordPress is affected by a deserialization of untrusted data vulnerability (PHP Object Injection) in versions up to 1.5.42. The issue enables attacker-controlled object instantiation via deserialized data, with impacts described as total compromise ...
WordPress Page Builder: Live Composer plugin <= 1.5.42 - Contributor+ PHP Object Injection vulnerability
Contributor+ PHP Object Injection vulnerability discovered by LVT-tholv2k (Patchstack Alliance) in WordPress Plugin Page Builder: Live Composer (versions <= 1.5.42)...
CVE-2024-5649
The Universal Slider plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.6.5 via deserialization of untrusted input in the 'fsl_get_gallery_value' function. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject ...
CVE-2024-5724
The Photo Video Gallery Master plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.5.3 via deserialization of the untrusted input 'PVGM_all_photos_details' parameter. This makes it possible for authenticated attackers, with Contributor-level access and abov...
CVE-2024-5724 Photo Video Gallery Master <= 1.5.3 - Authenticated (Contributor+) PHP Object Injection
The Photo Video Gallery Master plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.5.3 via deserialization of the untrusted input 'PVGM_all_photos_details' parameter. This makes it possible for authenticated attackers, with Contributor-level access and abov...
CVE-2024-5649 Universal Slider <= 1.6.5 - Authenticated (Contributor+) PHP Object Injection
The Universal Slider plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.6.5 via deserialization of untrusted input in the 'fsl_get_gallery_value' function. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject ...
CVE-2024-5649
The CVE-2024-5649 entry concerns Universal Slider (fusion-slider) for WordPress, affected up to version 1.6.5. It describes PHP Object Injection via deserialization of untrusted input in the fsl_get_gallery_value function. The advisory states that authenticated attackers with Contributor-level ac...
CVE-2024-5724
CVE-2024-5724 affects the Photo Video Gallery Master plugin for WordPress (up to v1.5.3). It exposes PHP Object Injection via deserialization of the PVGM_all_photos_details parameter, exploitable by authenticated users with Contributor+ access. The advisory notes that there is no known POP chain ...
WordPress Page Builder: Live Composer Plugin <= 1.5.42 is vulnerable to PHP Object Injection
Software: Page Builder: Live Composer | Type: Plugin | Vulnerable versions: <= 1.5.42 | Fixed in: 1.5.43 | OWASP Top 10: A3: Injection | Classification: PHP Object Injection | CVE: CVE-2024-35780 | Patch priority: Medium | CVSS severity: Medium 8.5 | PSID: 6cf6e28bf12c | Credits: LVT-tholv2k | Required...
PT-2024-36821 · WordPress · Universal Slider
Name of the Vulnerable Software and Affected Versions: Universal Slider plugin for WordPress versions up to, and including, 1.6.5. Description: The issue allows authenticated attackers with Contributor-level access and above to inject a PHP Object via deserialization of untrusted input in the fsl...
WordPress Custom Field Suite Plugin <= 2.6.7 is vulnerable to PHP Object Injection
Software: Custom Field Suite | Type: Plugin | Vulnerable versions: <= 2.6.7 | Fixed in: N/A | OWASP Top 10: A3: Injection | Classification: PHP Object Injection | CVE: CVE-2024-3562 | Patch priority: Medium | CVSS severity: Medium 8.8 | PSID: 4d41dee4d577 | Credits: Jack Taylor | Required privilege...
WordPress Photo Video Gallery Master Plugin <= 1.5.3 is vulnerable to PHP Object Injection
Software: Photo Video Gallery Master | Type: Plugin | Vulnerable versions: <= 1.5.3 | Fixed in: N/A | OWASP Top 10: A1: Injection | Classification: PHP Object Injection | CVE: CVE-2024-5724 | Patch priority: Low | CVSS severity: Low 8.8 | PSID: 22871a87af76 | Credits: Francesco Carlucci | Required...
WordPress Universal Slider Plugin <= 1.6.5 is vulnerable to PHP Object Injection
Software: Universal Slider | Type: Plugin | Vulnerable versions: <= 1.6.5 | Fixed in: N/A | OWASP Top 10: A1: Injection | Classification: PHP Object Injection | CVE: CVE-2024-5649 | Patch priority: Low | CVSS severity: Low 5.4 | PSID: 2d895bf03490 | Credits: Francesco Carlucci | Required privilege...