
3726 matches found

Cvelist
added 2024/05/09 12:0 p.m., 12 views

CVE-2024-34433 WordPress One Click Demo Import plugin <=3.2.0 - PHP Object Injection vulnerability

Deserialization of Untrusted Data vulnerability in OCDI One Click Demo Import. This issue affects One Click Demo Import: from n/a through 3.2.0...

CVSS: 4.4, AI score: 5.5, EPSS: 0.00495
Exploits: 0, References: 1

Vulnrichment
added 2024/05/09 11:59 a.m., 12 views

CVE-2024-4606 WordPress Ultimate Store Kit Elementor Addons, Woocommerce Builder, EDD Builder plugin <= 2.0.3 - PHP Object Injection vulnerability

Deserialization of Untrusted Data vulnerability in BdThemes Ultimate Store Kit Elementor Addons. This issue affects Ultimate Store Kit Elementor Addons: from n/a through 2.0.3...

CVSS: 5.4, AI score: 5.9, EPSS: 0.00329
Exploits: 0, References: 1

Patchstack
added 2024/05/08 2:15 a.m., 3 views

WordPress Ditty plugin <= 3.1.38 - Authenticated (Contributor+) PHP Object Injection vulnerability

Authenticated Contributor+ PHP Object Injection vulnerability discovered by Trinh Vu Sonicrrrr in WordPress Plugin Ditty versions <= 3.1.38...

CVSS: 8.8, AI score: 7.3, EPSS: 0.0066
Exploits: 0, References: 1, Affected Software: 1

Patchstack
added 2024/05/08 2:11 a.m., 4 views

WordPress Advanced Ads plugin <= 1.52.1 - Authenticated (Admin+) PHP Object Injection vulnerability

Authenticated Admin+ PHP Object Injection vulnerability discovered by ST in WordPress Plugin Advanced Ads versions <= 1.52.1...

CVSS: 7.2, AI score: 7.3, EPSS: 0.0094
Exploits: 0, References: 1, Affected Software: 1

Patchstack
added 2024/05/08 12:0 a.m., 7 views

WordPress Ditty Plugin <= 3.1.38 is vulnerable to PHP Object Injection

Software: Ditty; Type: Plugin; Vulnerable versions: <= 3.1.38; Fixed in: 3.1.39; OWASP Top 10: A1: Injection; Classification: PHP Object Injection; CVE: CVE-2024-3954; Patch priority: Medium; CVSS severity: Medium 8.5; Developer: Claim ownership; PSID: 3afcc0b0dfe5; Credits: Trinh Vu Sonicrrrr; Required privilege...

CVSS: 8.8, AI score: 6.8, EPSS: 0.0066
Exploits: 0, References: 3, Affected Software: 1

Patchstack
added 2024/05/08 12:0 a.m., 12 views

WordPress Advanced Ads – Ad Manager & AdSense Plugin <= 1.52.1 is vulnerable to PHP Object Injection

Software: Advanced Ads – Ad Manager & AdSense; Type: Plugin; Vulnerable versions: <= 1.52.1; Fixed in: 1.52.2; OWASP Top 10: A1: Injection; Classification: PHP Object Injection; CVE: CVE-2024-2290; Patch priority: Low; CVSS severity: Low 6.6; Developer: Claim ownership; PSID: 1580e82fdb8d; Credits: ST; Required privilege...

CVSS: 7.2, AI score: 6.8, EPSS: 0.0094
Exploits: 0, References: 3, Affected Software: 1

Patchstack
added 2024/05/07 2:1 p.m., 2 views

WordPress Ultimate Store Kit Elementor Addons, Woocommerce Builder, EDD Builder plugin <= 2.0.3 - PHP Object Injection vulnerability

PHP Object Injection vulnerability discovered by wpdabh Patchstack Alliance in WordPress Plugin Ultimate Store Kit Elementor Addons versions <= 2.0.3...

CVSS: 5.4, AI score: 7.3, EPSS: 0.00329
Exploits: 0, Affected Software: 1

Patchstack
added 2024/05/07 7:46 a.m., 4 views

WordPress One Click Demo Import plugin <=3.2.0 - PHP Object Injection vulnerability

PHP Object Injection vulnerability discovered by ngductung Patchstack Alliance in WordPress Plugin One Click Demo Import versions <= 3.2.0...

CVSS: 7.2, AI score: 7.3, EPSS: 0.00495
Exploits: 0, Affected Software: 1

Patchstack
added 2024/05/07 12:0 a.m., 9 views

WordPress Ultimate Store Kit Elementor Addons Plugin <= 2.0.3 is vulnerable to PHP Object Injection

Software: Ultimate Store Kit Elementor Addons; Type: Plugin; Vulnerable versions: <= 2.0.3; Fixed in: 2.0.4; OWASP Top 10: A3: Injection; Classification: PHP Object Injection; CVE: CVE-2024-4606; Patch priority: Medium; CVSS severity: Medium 5.4; Developer: Claim ownership; PSID: 46e7a74eebcc; Credits: Ray Wilson; Requir...

CVSS: 5.4, AI score: 6.8, EPSS: 0.00329
Exploits: 0, References: 2, Affected Software: 1

WPVulnDB
added 2024/05/07 12:0 a.m., 12 views

Hercules Core < 6.5 - Authenticated (Subscriber+) PHP Object Injection

Description: The Hercules Core plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 6.4 via deserialization of untrusted input. This makes it possible for authenticated attackers, with subscriber-level access and above, to inject a PHP Object. No known P...

CVSS: 9.9, AI score: 7.2, EPSS: 0.00698
Exploits: 0, References: 1, Affected Software: 1

WPVulnDB
added 2024/05/07 12:0 a.m., 13 views

ARMember – Membership Plugin, Content Restriction, Member Levels, User Profile & User signup < 4.0.27 - Unauthenticated PHP Object Injection

Description: The ARMember – Membership Plugin, Content Restriction, Member Levels, User Profile & User signup plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 4.0.26 via deserialization of untrusted input. This makes it possible for unauthenticated...

CVSS: 9.8, AI score: 7.4, EPSS: 0.00645
Exploits: 0, References: 1, Affected Software: 1

WPVulnDB
added 2024/05/07 12:0 a.m., 14 views

Sunshine Photo Cart: Free Client Photo Galleries for Photographers < 3.1.2 - Unauthenticated PHP Object Injection

Description: The Sunshine Photo Cart: Free Client Photo Galleries for Photographers plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 3.1.1 via deserialization of untrusted input. This makes it possible for unauthenticated attackers to inject a PHP...

CVSS: 9.8, AI score: 7.4, EPSS: 0.00465
Exploits: 0, References: 1, Affected Software: 1

WPVulnDB
added 2024/05/07 12:0 a.m., 23 views

WholesaleX – WooCommerce Wholesale Plugin (Wholesale Prices, Dynamic Pricing, Tiered Pricing) < 1.3.3 - Unauthenticated PHP Object Injection

Description: The WholesaleX – WooCommerce Wholesale Plugin (Wholesale Prices, Dynamic Pricing, Tiered Pricing) plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.3.2 via deserialization of untrusted input. This makes it possible for unauthenticated...

CVSS: 10, AI score: 7.4, EPSS: 0.00725
Exploits: 0, References: 1, Affected Software: 1

WPVulnDB
added 2024/05/07 12:0 a.m., 26 views

WP Migrate Pro < 2.6.11 - Unauthenticated PHP Object Injection

Description: The WP Migrate Pro plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 2.6.10 via deserialization of untrusted input. This makes it possible for unauthenticated attackers to inject a PHP Object. No known POP chain is present in the vulnerab...

CVSS: 10, AI score: 7.4, EPSS: 0.00683
Exploits: 0, References: 1, Affected Software: 1

WPVulnDB
added 2024/05/07 12:0 a.m., 15 views

ARMember – Membership Plugin, Content Restriction, Member Levels, User Profile & User signup < 4.0.27 - Authenticated (Contributor+) PHP Object Injection

Description: The ARMember – Membership Plugin, Content Restriction, Member Levels, User Profile & User signup plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 4.0.26 via deserialization of untrusted input. This makes it possible for authenticated...

CVSS: 8.8, AI score: 7.2, EPSS: 0.00608
Exploits: 0, References: 1, Affected Software: 1

Patchstack
added 2024/05/07 12:0 a.m., 22 views

WordPress One Click Demo Import Plugin <= 3.2.0 is vulnerable to PHP Object Injection

Software: One Click Demo Import; Type: Plugin; Vulnerable versions: <= 3.2.0; Fixed in: 3.2.1; OWASP Top 10: A3: Injection; Classification: PHP Object Injection; CVE: CVE-2024-34433; Patch priority: Low; CVSS severity: Low 4.4; Developer: Claim ownership; PSID: a0133f0acd1f; Credits: ngductung Patchstack Alliance; Requir...

CVSS: 7.2, AI score: 6.8, EPSS: 0.00495
Exploits: 0, References: 2, Affected Software: 1

Patchstack
added 2024/05/05 12:0 a.m., 6 views

WordPress ConvertPlus Plugin <= 3.5.25 is vulnerable to PHP Object Injection

Software: ConvertPlus; Type: Plugin; Vulnerable versions: <= 3.5.25; Fixed in: 3.5.26; OWASP Top 10: A1: Injection; Classification: PHP Object Injection; CVE: CVE-2024-3240; Patch priority: Medium; CVSS severity: Medium 8.5; Developer: Claim ownership; PSID: 5120b9c81ed3; Credits: 1337Wannabe; Required privilege...

CVSS: 8.8, AI score: 6.8, EPSS: 0.00769
Exploits: 0, References: 2, Affected Software: 1

NVD
added 2024/05/04 4:15 a.m., 8 views

CVE-2024-3240

The ConvertPlug plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 3.5.25 via deserialization of untrusted input from the 'settingsencoded' attribute of the 'smileinfobar' shortcode. This makes it possible for authenticated attackers, with...

CVSS: 8.8, AI score: 8.8, EPSS: 0.00769
Exploits: 0, References: 2

Vulnrichment
added 2024/05/04 3:31 a.m., 12 views

CVE-2024-3240 ConvertPlug <= 3.5.25 - Authenticated (Contributor+) PHP Object Injection

The ConvertPlug plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 3.5.25 via deserialization of untrusted input from the 'settingsencoded' attribute of the 'smileinfobar' shortcode. This makes it possible for authenticated attackers, with...

CVSS: 8.8, AI score: 6.1, EPSS: 0.00769
Exploits: 0, References: 2

Cvelist
added 2024/05/04 3:31 a.m., 16 views

CVE-2024-3240 ConvertPlug <= 3.5.25 - Authenticated (Contributor+) PHP Object Injection

The ConvertPlug plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 3.5.25 via deserialization of untrusted input from the 'settingsencoded' attribute of the 'smileinfobar' shortcode. This makes it possible for authenticated attackers, with...

CVSS: 8.8, AI score: 9.3, EPSS: 0.00769
Exploits: 0, References: 2