3726 matches found
CVE-2024-5871
The WooCommerce - Social Login plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 2.6.2 via deserialization of untrusted input from the 'woo_slg_verify' vulnerable parameter. This makes it possible for unauthenticated attackers to inject a PHP Object. N...
CVE-2024-5871 WooCommerce - Social Login <= 2.6.2 - Unauthenticated PHP Object Injection
The WooCommerce - Social Login plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 2.6.2 via deserialization of untrusted input from the 'woo_slg_verify' vulnerable parameter. This makes it possible for unauthenticated attackers to inject a PHP Object. N...
CVE-2024-5871
CVE-2024-5871: The WooCommerce - Social Login plugin for WordPress is vulnerable to unauthenticated PHP Object Injection in all versions up to and including 2.6.2, via deserialization of untrusted input from the vulnerable parameter woo_slg_verify. An attacker could inject a PHP object; while n...
WordPress WooCommerce Social Login plugin <= 2.6.2 - Unauthenticated PHP Object Injection vulnerability
Unauthenticated PHP Object Injection vulnerability discovered by István Márton in WordPress Plugin WooCommerce Social Login versions <= 2.6.2...
WordPress WooCommerce Social Login Plugin <= 2.6.2 is vulnerable to PHP Object Injection
Software: WooCommerce Social Login; Type: Plugin; Vulnerable versions: <= 2.6.2; Fixed in: 2.6.3; OWASP Top 10: A1: Injection; Classification: PHP Object Injection; CVE: CVE-2024-5871; Patch priority: High; CVSS severity: High 9.8; Developer: Claim ownership; PSID: 26c69110d799; Credits: István Márton; Required privilege...
CVE-2024-4371
The CoDesigner WooCommerce Builder for Elementor – Customize Checkout, Shop, Email, Products & More plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 4.4.1 via deserialization of untrusted input from the recently_viewed_products cookie. This makes it...
CVE-2024-4371 CoDesigner WooCommerce Builder for Elementor – Customize Checkout, Shop, Email, Products & More <= 4.4.1 - Unauthenticated PHP Object Injection
The CoDesigner WooCommerce Builder for Elementor – Customize Checkout, Shop, Email, Products & More plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 4.4.1 via deserialization of untrusted input from the recently_viewed_products cookie. This makes it...
CVE-2024-4371
CVE-2024-4371 applies to the WordPress plugin “CoDesigner – Elementor Addon for WooCommerce” (CoDesigner WooCommerce Builder for Elementor). It describes an unauthenticated PHP Object Injection in versions up to 4.4.1 caused by deserialization of untrusted input from the recently_viewed_products ...
WordPress CoDesigner WooCommerce Builder for Elementor Plugin <= 4.4.1 is vulnerable to PHP Object Injection
Software: CoDesigner WooCommerce Builder for Elementor; Type: Plugin; Vulnerable versions: <= 4.4.1; Fixed in: 4.5; OWASP Top 10: A1: Injection; Classification: PHP Object Injection; CVE: CVE-2024-4371; Patch priority: High; CVSS severity: High 9; Developer: Claim ownership; PSID: 9f42107c9934; Credits: Francesco Carluc...
PT-2024-30632 · WordPress · Codesigner Woocommerce Builder For Elementor
Name of the Vulnerable Software and Affected Versions: The CoDesigner WooCommerce Builder for Elementor – Customize Checkout, Shop, Email, Products & More plugin for WordPress versions up to, and including, 4.4.1 Description: The issue is related to PHP Object Injection via deserialization of...
CoDesigner WooCommerce Builder for Elementor – Customize Checkout, Shop, Email, Products & More < 4.5 - Unauthenticated PHP Object Injection
Description: The CoDesigner WooCommerce Builder for Elementor – Customize Checkout, Shop, Email, Products & More plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 4.4.1 via deserialization of untrusted input from the recently_viewed_products cookie. Thi...
CVE-2024-2017
The Countdown, Coming Soon, Maintenance – Countdown & Clock plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the conditionsRow and switchCountdown functions in all versions up to, and including, 2.7.8. This makes it possible for authenticated attacker...
CVE-2024-2017
CVE-2024-2017 (Countdown, Coming Soon, Maintenance – Countdown & Clock) affects WordPress plugin Countdown Builder on all versions up to 2.7.8. Red Hat’s security entry confirms an unauthorized access flaw caused by a missing capability check in the conditionsRow and switchCountdown functions, al...
WordPress Countdown & Clock Plugin <= 2.7.8 is vulnerable to PHP Object Injection
Software: Countdown & Clock; Type: Plugin; Vulnerable versions: <= 2.7.8; Fixed in: 2.7.8.1; OWASP Top 10: A1: Injection; Classification: PHP Object Injection; CVE: CVE-2024-2017; Patch priority: Medium; CVSS severity: Medium 5.4; Developer: Claim ownership; PSID: e293306cdd98; Credits: Lucio Sá; Required privilege...
BetterDocs – Best Documentation, FAQ & Knowledge Base Plugin with AI Support & Instant Answer for Elementor & Gutenberg < 3.3.4 - Unauthenticated PHP Object Injection
Description: The BetterDocs plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 3.3.3 via deserialization of untrusted input. This makes it possible for unauthenticated attackers to inject a PHP Object. No known POP chain is present in the vulnerable...
Countdown, Coming Soon, Maintenance – Countdown & Clock < 2.7.8.1 - Missing Authorization to Authenticated (Subscriber+) PHP Object Injection
Description: The Countdown, Coming Soon, Maintenance – Countdown & Clock plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the conditionsRow and switchCountdown functions in all versions up to, and including, 2.7.8. This makes it possible for...