3726 matches found
PT-2024-18629 · WordPress · Countdown
Name of the Vulnerable Software and Affected Versions: The Countdown, Coming Soon, Maintenance – Countdown & Clock plugin for WordPress versions up to, and including, 2.7.8 Description: The issue is related to a missing capability check on the conditionsRow and switchCountdown functions, allowing...
GHSA-G5VJ-WJ9X-4JG9 symbiote/silverstripe-multivaluefield Possible PHP Object Injection via Multi-Value Field Extension
A potential deserialisation vulnerability has been identified in the symbiote/silverstripe-multivaluefield which could allow an attacker to exploit implementations of this module via object injection. Support for handling PHP objects as values in this module has been deprecated, and the...
WordPress 140+ Widgets | Best Addons For Elementor – FREE plugin <= 1.4.3.1 - Authenticated (Contributor+) PHP Object Injection vulnerability
Authenticated Contributor+ PHP Object Injection vulnerability discovered by Francesco Carlucci in WordPress Plugin Xpro Elementor Addons versions <= 1.4.3.1...
WordPress Hash Form Plugin <= 1.1.0 is vulnerable to PHP Object Injection
Software: Hash Form; Type: Plugin; Vulnerable versions: <= 1.1.0; Fixed in: 1.1.1; OWASP Top 10: A1: Injection; Classification: PHP Object Injection; CVE: CVE-2024-5085; Patch priority: Medium; CVSS severity: Medium 5.4; PSID: 96e7546828a2; Credits: Francesco Carlucci; Required privilege...
WordPress Xpro Elementor Addons Plugin <= 1.4.3.1 is vulnerable to PHP Object Injection
Software: Xpro Elementor Addons; Type: Plugin; Vulnerable versions: <= 1.4.3.1; Fixed in: 1.4.3.2; OWASP Top 10: A1: Injection; Classification: PHP Object Injection; CVE: CVE-2024-4471; Patch priority: Low; CVSS severity: Low 8; PSID: db21342544db; Credits: Francesco Carlucci; Required privile...
CVE-2024-5085
The Hash Form – Drag & Drop Form Builder plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.1.0 via deserialization of untrusted input in the 'process_entry' function. This makes it possible for unauthenticated attackers to inject a PHP Object. No...
CVE-2024-5085 Hash Form – Drag & Drop Form Builder <= 1.1.0 - Unauthenticated PHP Object Injection
The Hash Form – Drag & Drop Form Builder plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.1.0 via deserialization of untrusted input in the 'process_entry' function. This makes it possible for unauthenticated attackers to inject a PHP Object. No...
CVE-2024-5085
CVE-2024-5085 affects the Hash Form – Drag & Drop Form Builder for WordPress. The vulnerability is a PHP Object Injection via deserialization of untrusted input in the process_entry function across all versions up to and including 1.1.0. This enables unauthenticated attackers to inject a PHP obje...
CVE-2024-4471
The 140+ Widgets | Best Addons For Elementor – FREE for WordPress is vulnerable to PHP Object Injection in versions up to, and including, 1.4.3.1 via deserialization of untrusted input in the 'export_content' function. This allows authenticated attackers, with contributor-level permissions and...
CVE-2024-4471 140+ Widgets | Best Addons For Elementor – FREE <= 1.4.3.1 - Authenticated (Contributor+) PHP Object Injection
The 140+ Widgets | Best Addons For Elementor – FREE for WordPress is vulnerable to PHP Object Injection in versions up to, and including, 1.4.3.1 via deserialization of untrusted input in the 'export_content' function. This allows authenticated attackers, with contributor-level permissions and...
CVE-2024-4471
CVE-2024-4471 affects the 140+ Widgets | Xpro Addons For Elementor – FREE (WordPress). It is a PHP Object Injection vulnerability via deserialization in export_content, exploitable by authenticated users with contributor-level permissions or higher. The description notes no POP chain in the vulne...
WordPress FluentForm plugin <= 5.1.15 - PHP Object Injection vulnerability
PHP Object Injection vulnerability discovered by Tobias Weißhaar kun19 in WordPress Plugin FluentForm versions <= 5.1.15...
WordPress FluentForm Plugin <= 5.1.15 is vulnerable to PHP Object Injection
Software: FluentForm; Type: Plugin; Vulnerable versions: <= 5.1.15; Fixed in: 5.1.16; OWASP Top 10: A1: Injection; Classification: PHP Object Injection; CVE: CVE-2024-4157; Patch priority: Medium; CVSS severity: Medium 7.5; PSID: 3330782fcf1c; Credits: Tobias Weißhaar kun19; Required privilege...
140+ Widgets | Best Addons For Elementor – FREE < 1.4.3.2 - Authenticated (Contributor+) PHP Object Injection
Description: The 140+ Widgets | Best Addons For Elementor – FREE for WordPress is vulnerable to PHP Object Injection in versions up to, and including, 1.4.3.1 via deserialization of untrusted input in the 'export_content' function. This allows authenticated attackers, with contributor-level...
Hash Form – Drag & Drop Form Builder < 1.1.1 - Unauthenticated PHP Object Injection
Description: The Hash Form – Drag & Drop Form Builder plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.1.0 via deserialization of untrusted input in the 'process_entry' function. This makes it possible for unauthenticated attackers to inject a PHP...
PT-2024-34445 · WordPress · The Hash Form – Drag & Drop Form Builder
Name of the Vulnerable Software and Affected Versions: The Hash Form – Drag & Drop Form Builder plugin for WordPress versions up to, and including, 1.1.0 Description: The issue is related to PHP Object Injection via deserialization of untrusted input in the process entry function. This allows...
CVE-2024-4157
The Contact Form Plugin by Fluent Forms for Quiz, Survey, and Drag & Drop WP Form Builder plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 5.1.15 via deserialization of untrusted input in the extractDynamicValues function. This makes it possible for...
CVE-2024-4157 Contact Form Plugin by Fluent Forms for Quiz, Survey, and Drag & Drop WP Form Builder <= 5.1.15 - PHP Object Injection via extractDynamicValues
The Contact Form Plugin by Fluent Forms for Quiz, Survey, and Drag & Drop WP Form Builder plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 5.1.15 via deserialization of untrusted input in the extractDynamicValues function. This makes it possible for...