3726 matches found
WordPress Product Designer Plugin <= 1.0.32 is vulnerable to PHP Object Injection
Software Product Designer Type Plugin Vulnerable versions = 1.0.32 Fixed in 1.0.33 OWASP Top 10 A3: Injection Classification PHP Object Injection CVE CVE-2024-31277 Patch priority High CVSS severity High 8.7 Developer Claim ownership PSID c28d30a48452 Credits Yudistira Arya Required privilege...
CVE-2024-2008
The Modal Popup Box – Popup Builder, Show Offers And News in Popup plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.5.2 via deserialization of untrusted input in the awlmodalpopupboxshortcode function. This makes it possible for authenticated...
CVE-2024-2008
The Modal Popup Box – Popup Builder, Show Offers And News in Popup plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.5.2 via deserialization of untrusted input in the awlmodalpopupboxshortcode function. This makes it possible for authenticated...
CVE-2024-2008 Modal Popup Box – Popup Builder, Show Offers And News in Popup <= 1.5.2 - Authenticated (Contributor+) PHP Object Injection in awl_modal_popup_box_shortcode
The Modal Popup Box – Popup Builder, Show Offers And News in Popup plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.5.2 via deserialization of untrusted input in the awlmodalpopupboxshortcode function. This makes it possible for authenticated...
CVE-2024-2008
CVE-2024-2008 affects the WordPress plugin Modal Popup Box – Popup Builder, Show Offers And News in Popup (versions up to 1.5.2). The issue is a PHP Object Injection via deserialization in the awl_modal_popup_box_shortcode function. This can allow authenticated attackers with at least contributor...
WordPress CMB2 plugin <= 2.10.1 - Authenticated (Contributor+) PHP Object Injection vulnerability
Authenticated Contributor+ PHP Object Injection vulnerability discovered by Francesco Carlucci in WordPress Plugin CMB2 versions = 2.10.1...
WordPress CMB2 Plugin <= 2.10.1 is vulnerable to PHP Object Injection
Software CMB2 Type Plugin Vulnerable versions = 2.10.1 Fixed in 2.11.0 OWASP Top 10 A1: Injection Classification PHP Object Injection CVE CVE-2024-1792 Patch priority Low CVSS severity Low 8.5 Developer Claim ownership PSID dc0ad3e4851e Credits Francesco Carlucci Required privilege Contributor...
WordPress Plugin Modal Popup Box 安全漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A security vulnerability exists in WordPres...
WordPress Modal Popup Box Plugin <= 1.5.2 is vulnerable to PHP Object Injection
Software Modal Popup Box Type Plugin Vulnerable versions = 1.5.2 Fixed in 1.5.3 OWASP Top 10 A1: Injection Classification PHP Object Injection CVE CVE-2024-2008 Patch priority Medium CVSS severity Medium 8.5 Developer Claim ownership PSID 963c409562cd Credits Francesco Carlucci Required privilege...
CMB2 < 2.11.0 - Authenticated (Contributor+) PHP Object Injection
Description The CMB2 plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 2.10.1 via deserialization of untrusted input from the textdatetimetimestamptimezone field. This makes it possible for authenticated attackers, with contributor access or higher, ...
Filter Custom Fields & Taxonomies Light <= 1.05 - Authenticated (Contributor+) PHP Object Injection
Description The Filter Custom Fields & Taxonomies Light plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.05 via deserialization of untrusted input. This makes it possible for authenticated attackers, with contributor-level access and above, to...
Modal Popup Box – Popup Builder, Show Offers And News in Popup < 1.5.3 - Authenticated (Contributor+) PHP Object Injection in awl_modal_popup_box_shortcode
Description The Modal Popup Box – Popup Builder, Show Offers And News in Popup plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.5.2 via deserialization of untrusted input in the awlmodalpopupboxshortcode function. This makes it possible for...
Essential Addons for Elementor < 5.9.14 - Author+ PHP Object Injection
Description The plugin is vulnerable to PHP Object Injection via deserialization of untrusted input from the 'errorresetpassword' attribute of the "Login | Register Form" widget disabled by default. This makes it possible for authenticated attackers, with author-level access and above, to inject ...
WordPress Essential Addons for Elementor Plugin <= 5.9.13 is vulnerable to PHP Object Injection
Software Essential Addons for Elementor Type Plugin Vulnerable versions = 5.9.13 Fixed in 5.9.14 OWASP Top 10 A1: Injection Classification PHP Object Injection CVE CVE-2024-3018 Patch priority Low CVSS severity Low 8 Developer WPDeveloper PSID b599dd4e668d Credits Ngô Thiên An ancorn Required...
CVE-2024-31094 WordPress Filter Custom Fields & Taxonomies Light plugin <= 1.05 - PHP Object Injection vulnerability
Deserialization of Untrusted Data vulnerability in Filter Custom Fields & Taxonomies Light.This issue affects Filter Custom Fields & Taxonomies Light: from n/a through 1.05...
CVE-2024-31094 WordPress Filter Custom Fields & Taxonomies Light plugin <= 1.05 - PHP Object Injection vulnerability
A vulnerability in websupporter Filter Custom Fields & Taxonomies Light filter-custom-fields-taxonomies-light.This issue affects Filter Custom Fields & Taxonomies Light: from n/a through = 1.05...
CVE-2024-3018
The Essential Addons for Elementor plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 5.9.13 via deserialization of untrusted input from the 'errorresetpassword' attribute of the "Login | Register Form" widget disabled by default. This makes it possib...
CVE-2024-3018
The Essential Addons for Elementor plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 5.9.13 via deserialization of untrusted input from the 'errorresetpassword' attribute of the "Login | Register Form" widget disabled by default. This makes it possib...
CVE-2024-3018 Essential Addons for Elementor <= 5.9.13 - Authenticated (Author+) PHP Object Injection via error_resetpassword
The Essential Addons for Elementor plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 5.9.13 via deserialization of untrusted input from the 'errorresetpassword' attribute of the "Login | Register Form" widget disabled by default. This makes it possib...
CVE-2024-3018 Essential Addons for Elementor <= 5.9.13 - Authenticated (Author+) PHP Object Injection via error_resetpassword
The Essential Addons for Elementor plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 5.9.13 via deserialization of untrusted input from the 'errorresetpassword' attribute of the "Login | Register Form" widget disabled by default. This makes it possib...