WordPress Plugin Essential Addons for Elementor 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. WordPress is a blogging platform developed in the PHP language that supports personal blogs on PHP and MySQL servers.WordPress plugin is an application...

PT-2024-23230 · WordPress · Essential Addons For Elementor

Name of the Vulnerable Software and Affected Versions: The Essential Addons for Elementor plugin for WordPress versions up to, and including, 5.9.13 Description: The issue allows authenticated attackers with author-level access and above to inject a PHP Object via deserialization of untrusted inp...

WordPress Lightbox slider – Responsive Lightbox Gallery plugin <= 1.9.9 - Authenticated (Contributor+) PHP Object Injection vulnerability

Authenticated Contributor+ PHP Object Injection vulnerability discovered by Francesco Carlucci in WordPress Plugin Lightbox slider – Responsive Lightbox Gallery versions = 1.9.9...

WordPress Button plugin <= 1.1.27 - Authenticated (Contributor+) PHP Object Injection in button_shortcode vulnerability

Authenticated Contributor+ PHP Object Injection in buttonshortcode vulnerability discovered by Francesco Carlucci in WordPress Plugin Button versions = 1.1.27...

CVE-2024-1872

The Button plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.1.27 via deserialization of untrusted input in the buttonshortcode function. This makes it possible for authenticated attackers, with contributor-level access and above, to inject a PHP...

CVE-2024-1858

The Lightbox slider – Responsive Lightbox Gallery plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.9.9 via deserialization of untrusted input through post meta data. This makes it possible for authenticated attackers, with contributor-level access...

CVE-2024-1872

CVE-2024-1872 affects Button for WordPress (all versions

CVE-2024-1872

The Button plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.1.28 via deserialization of untrusted input in the buttonshortcode function. This makes it possible for authenticated attackers, with contributor-level access and above, to inject a PHP...

CVE-2024-1872 Button <= 1.1.27 - Authenticated (Contributor+) PHP Object Injection in button_shortcode

The Button plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.1.27 via deserialization of untrusted input in the buttonshortcode function. This makes it possible for authenticated attackers, with contributor-level access and above, to inject a PHP...

CVE-2024-1858 Lightbox slider – Responsive Lightbox Gallery <= 1.9.9 - Authenticated (Contributor+) PHP Object Injection

The Lightbox slider – Responsive Lightbox Gallery plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.9.9 via deserialization of untrusted input through post meta data. This makes it possible for authenticated attackers, with contributor-level access...

CVE-2024-1858 Lightbox slider – Responsive Lightbox Gallery <= 1.9.9 - Authenticated (Contributor+) PHP Object Injection

The Lightbox slider – Responsive Lightbox Gallery plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.9.9 via deserialization of untrusted input through post meta data. This makes it possible for authenticated attackers, with contributor-level access...

CVE-2024-1858

CVE-2024-1858 is a vulnerability in the Lightbox slider – Responsive Lightbox Gallery WordPress plugin, affecting versions up to 1.9.9. The issue is PHP Object Injection via deserialization of untrusted input in post meta data. Exploitation is possible by attackers with contributor-level access o...

WordPress Filter Custom Fields & Taxonomies Light Plugin <= 1.05 is vulnerable to PHP Object Injection

Software Filter Custom Fields & Taxonomies Light Type Plugin Vulnerable versions = 1.05 Fixed in N/A OWASP Top 10 A3: Injection Classification PHP Object Injection CVE CVE-2024-31094 Patch priority Medium CVSS severity Medium 8.5 Developer Claim ownership PSID 49ff4d1a6e1e Credits Mika Required...

WordPress Lightbox slider – Responsive Lightbox Gallery Plugin <= 1.9.9 is vulnerable to PHP Object Injection

Software Lightbox slider – Responsive Lightbox Gallery Type Plugin Vulnerable versions = 1.9.9 Fixed in 1.10.0 OWASP Top 10 A1: Injection Classification PHP Object Injection CVE CVE-2024-1858 Patch priority Medium CVSS severity Medium 5.4 Developer Claim ownership PSID c570605cfccd Credits...

WordPress Button Plugin <= 1.1.27 is vulnerable to PHP Object Injection

Software Button Type Plugin Vulnerable versions = 1.1.27 Fixed in 1.1.28 OWASP Top 10 A1: Injection Classification PHP Object Injection CVE CVE-2024-1872 Patch priority Medium CVSS severity Medium 8.8 Developer Claim ownership PSID d7ad40b2deb7 Credits Francesco Carlucci Required privilege...

WordPress Plugin Lightbox slider 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability exists in...

CVE-2024-30221 WordPress Sunshine Photo Cart plugin <= 3.1.1 - PHP Object Injection vulnerability

Deserialization of Untrusted Data vulnerability in sunshinephotocart Sunshine Photo Cart sunshine-photo-cart.This issue affects Sunshine Photo Cart: from n/a through = 3.1.1...

CVE-2024-30221 WordPress Sunshine Photo Cart plugin <= 3.1.1 - PHP Object Injection vulnerability

Deserialization of Untrusted Data vulnerability in sunshinephotocart Sunshine Photo Cart sunshine-photo-cart.This issue affects Sunshine Photo Cart: from n/a through = 3.1.1...

CVE-2024-30222 WordPress ARMember plugin <= 4.0.26 - PHP Object Injection vulnerability

Deserialization of Untrusted Data vulnerability in Repute Infosystems ARMember.This issue affects ARMember: from n/a through 4.0.26...

CVE-2024-30223 WordPress ARMember plugin <= 4.0.26 - Unauthenticated PHP Object Injection vulnerability

Deserialization of Untrusted Data vulnerability in Repute Infosystems ARMember.This issue affects ARMember: from n/a through 4.0.26...