3726 matches found
Photo Gallery <= 1.4.1 - Authenticated (Contributor+) PHP Object Injection via Shortcode
Description: The Photo Gallery – Responsive Photo Gallery, Image Gallery, Portfolio Gallery, Logo Gallery And Team Gallery plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.4.1 via deserialization via shortcode of untrusted input from the...
Event Monster <= 1.3.8 - Contributor+ PHP Object Injection via Custom Meta
Description: The plugin is vulnerable to PHP Object Injection via deserialization via shortcode of untrusted input from a custom meta value. This makes it possible for authenticated attackers, with contributor access and above, to inject a PHP Object. No POP chain is present in the vulnerable...
Export and Import Users and Customers < 2.5.4 - Authenticated (Admin+) PHP Object Injection
Description: The Export and Import Users and Customers plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 2.5.3 via deserialization of untrusted input in the input.php file. This makes it possible for authenticated attackers, with administrator-level...
WordPress Custom field finder plugin <= 0.3 - PHP Object Injection vulnerability
PHP Object Injection vulnerability discovered by CatFather (Patchstack Alliance) in WordPress Plugin Custom field finder versions <= 0.3...
WordPress Custom field finder Plugin <= 0.3 is vulnerable to PHP Object Injection
Software: Custom field finder; Type: Plugin; Vulnerable versions: <= 0.3; Fixed in: 0.4; OWASP Top 10: A3: Injection; Classification: PHP Object Injection; CVE: CVE-2024-33641; Patch priority: Low; CVSS severity: Low 5.4; Developer: Claim ownership; PSID: 73f25d40c87c; Credits: CatFather; Required privilege: Author...
WordPress XStore Core Plugin <= 5.3.8 is vulnerable to PHP Object Injection
Software: XStore Core; Type: Plugin; Vulnerable versions: <= 5.3.8; Fixed in: 5.3.9; OWASP Top 10: A3: Injection; Classification: PHP Object Injection; CVE: CVE-2024-33553; Patch priority: High; CVSS severity: High 9; Developer: Claim ownership; PSID: 49ab51cfb6ce; Credits: Rafie Muhammad Patchstack; Required privilege...
CVE-2024-32817 WordPress Import and export users and customers plugin <= 1.26.2 - PHP Object Injection vulnerability
Deserialization of Untrusted Data vulnerability in Javier Carazo Import and export users and customers import-users-from-csv-with-meta. This issue affects Import and export users and customers: from n/a through <= 1.26.2...
CVE-2024-32817 WordPress Import and export users and customers plugin <= 1.26.2 - PHP Object Injection vulnerability
Deserialization of Untrusted Data vulnerability in Import and export users and customers. This issue affects Import and export users and customers: from n/a through 1.26.2...
Master Slider < 3.9.7 - Unauthenticated PHP Object Injection
Description: The Master Slider – Responsive Touch Slider plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 3.9.5 via deserialization of untrusted input. This makes it possible for unauthenticated attackers to inject a PHP Object. No known POP chain is...
WordPress Import and export users and customers plugin <= 1.26.2 - PHP Object Injection vulnerability
PHP Object Injection vulnerability discovered by Trình Vũ / Sonicrrrr from VNPT-VCI (Patchstack Alliance) in WordPress Plugin Import and export users and customers versions <= 1.26.2...
WordPress Import and export users and customers Plugin <= 1.26.2 is vulnerable to PHP Object Injection
Software: Import and export users and customers; Type: Plugin; Vulnerable versions: <= 1.26.2; Fixed in: 1.26.3; OWASP Top 10: A3: Injection; Classification: PHP Object Injection; CVE: CVE-2024-32817; Patch priority: Low; CVSS severity: Low 4.4; Developer: Codection; PSID: db71a86e52da; Credits: Trình Vũ Sonicrrrr from...
CVE-2024-32600 WordPress Master Slider plugin <= 3.9.5 - PHP Object Injection vulnerability
Deserialization of Untrusted Data vulnerability in Averta Master Slider. This issue affects Master Slider: from n/a through 3.9.5...
Import Users from CSV < 1.3 - Authenticated (Admin+) PHP Object Injection
Description: The Import Users from CSV plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.2 via deserialization of untrusted input. This makes it possible for authenticated attackers, with administrator-level access and above, to inject a PHP Object...
WordPress Shortcodes and extra features for Phlox theme plugin <= 2.17.5 - Authenticated (Subscriber+) PHP Object Injection via auxin_template_control_importer vulnerability
Authenticated (Subscriber+) PHP Object Injection via auxin_template_control_importer vulnerability discovered by Rhynorater - Critical Thinking Podcast, Michael Brackett in WordPress Plugin Shortcodes and extra features for Phlox theme versions <= 2.17.5...
WordPress WooBuddy Plugin <= 3.4.20 is vulnerable to PHP Object Injection
Software: WooBuddy; Type: Plugin; Vulnerable versions: <= 3.4.20; Fixed in: 3.4.21; OWASP Top 10: A3: Injection; Classification: PHP Object Injection; CVE: CVE-2024-32603; Patch priority: High; CVSS severity: High 8.5; Developer: Claim ownership; PSID: a5c09e662bc0; Credits: LVT-tholv2k; Required privilege: Subscriber...
WordPress Master Slider Plugin <= 3.9.5 is vulnerable to PHP Object Injection
Software: Master Slider; Type: Plugin; Vulnerable versions: <= 3.9.5; Fixed in: 3.9.7; OWASP Top 10: A3: Injection; Classification: PHP Object Injection; CVE: CVE-2024-32600; Patch priority: High; CVSS severity: High 8.3; Developer: Claim ownership; PSID: d3cbc5a0e9db; Credits: Rafie Muhammad Patchstack; Required privile...
WordPress Shortcodes and extra features for Phlox theme Plugin <= 2.16.2 is vulnerable to PHP Object Injection
Software: Shortcodes and extra features for Phlox theme; Type: Plugin; Vulnerable versions: <= 2.16.2; Fixed in: N/A; OWASP Top 10: A1: Injection; Classification: PHP Object Injection; CVE: CVE-2023-7064; Patch priority: High; CVSS severity: High 7.5; Developer: Claim ownership; PSID: b9a2bdf53bc0; Credits: Rhynorater -...
Shortcodes and extra features for Phlox theme <= 2.15.2 - Subscriber+ PHP Object Injection
Description: The plugin is vulnerable to PHP Object Injection via deserialization of untrusted input from the vulnerable 'id' parameter in the 'auxin_template_control_importer' function. This makes it possible for authenticated attackers able to upload a separate PHAR payload as an image file to inje...
CVE-2024-32431 WordPress Import Users from CSV plugin <= 1.2 - PHP Object Injection
Deserialization of Untrusted Data vulnerability in WP All Import Import Users from CSV. This issue affects Import Users from CSV: from n/a through 1.2...