3726 matches found
CVE-2024-30223 WordPress ARMember plugin <= 4.0.26 - Unauthenticated PHP Object Injection vulnerability
Deserialization of Untrusted Data vulnerability in Repute Infosystems ARMember. This issue affects ARMember: from n/a through 4.0.26...
CVE-2024-30224 WordPress WholesaleX plugin <= 1.3.2 - Unauthenticated PHP Object Injection vulnerability
Deserialization of Untrusted Data vulnerability in Wholesale Team WholesaleX. This issue affects WholesaleX: from n/a through 1.3.2...
CVE-2024-30225 WordPress WP Migrate plugin <= 2.6.10 - Unauthenticated PHP Object Injection vulnerability
Deserialization of Untrusted Data vulnerability in WPENGINE, INC. WP Migrate. This issue affects WP Migrate: from n/a through 2.6.10...
CVE-2024-30227 WordPress Geo Controller plugin <= 8.6.4 - PHP Object Injection vulnerability
Deserialization of Untrusted Data vulnerability in INFINITUM FORM Geo Controller. This issue affects Geo Controller: from n/a through 8.6.4...
CVE-2024-30228 WordPress Hercules Core plugin <= 6.4 - Auth. PHP Object Injection vulnerability
Deserialization of Untrusted Data vulnerability in Hercules Design Hercules Core. This issue affects Hercules Core: from n/a through 6.4...
CVE-2024-30229 WordPress Give plugin <= 3.4.2 - PHP Object Injection vulnerability
Deserialization of Untrusted Data vulnerability in StellarWP GiveWP give. This issue affects GiveWP: from n/a through = 3.4.2...
CVE-2024-30230 WordPress PDF Invoices and Packing Slips For WooCommerce plugin <= 1.3.7 - PHP Object Injection vulnerability
Deserialization of Untrusted Data vulnerability in Acowebs PDF Invoices and Packing Slips For WooCommerce. This issue affects PDF Invoices and Packing Slips For WooCommerce: from n/a through 1.3.7...
CVE-2024-1770 Meta Tag Manager <= 3.0.2 - Authenticated (Subscriber+) PHP Object Injection
The Meta Tag Manager plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 3.0.2 via deserialization of untrusted input in the get_post_data function. This makes it possible for authenticated attackers, with contributor access or higher, to inject a PHP...
CVE-2024-1770
CVE-2024-1770 affects the Meta Tag Manager plugin for WordPress (vulnerable up to 3.0.2). It enables PHP Object Injection via deserialization in get_post_data, requiring at least Contributor+ authentication. The vulnerability can allow an authenticated attacker to inject a PHP object; the initial...
WordPress Meta Tag Manager Plugin <= 3.0.2 is vulnerable to PHP Object Injection
Software: Meta Tag Manager; Type: Plugin; Vulnerable versions: <= 3.0.2; Fixed in: 3.1; OWASP Top 10: A1: Injection; Classification: PHP Object Injection; CVE: CVE-2024-1770; Patch priority: Medium; CVSS severity: Medium 8.5; PSID: e36fbb9c63ac; Credits: Francesco Carlucci; Required privilege...
WordPress Social Pug Plugin <= 1.33.1 is vulnerable to PHP Object Injection
Software: Social Pug; Type: Plugin; Vulnerable versions: <= 1.33.1; Fixed in: 1.33.2; OWASP Top 10: A1: Injection; Classification: PHP Object Injection; CVE: CVE-2024-2501; Patch priority: Medium; CVSS severity: Medium 8.5; PSID: 888eaee51d8b; Credits: Webbernaut; Required privilege: Contributo...
Lightbox slider – Responsive Lightbox Gallery <= 1.9.9 - Authenticated (Contributor+) PHP Object Injection
Description: The Lightbox slider – Responsive Lightbox Gallery plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.9.9 via deserialization of untrusted input through post meta data. This makes it possible for authenticated attackers, with...
Button < 1.1.28 - Contributor+ PHP Object Injection in button_shortcode
Description: The plugin is vulnerable to PHP Object Injection via deserialization of untrusted input in the button_shortcode function. This makes it possible for authenticated attackers, with contributor-level access and above, to inject a PHP Object. No known POP chain is present in the vulnerable...
PT-2024-18367 · WordPress · The Lightbox Slider – Responsive Lightbox Gallery
Name of the Vulnerable Software and Affected Versions: The Lightbox slider – Responsive Lightbox Gallery plugin for WordPress versions up to, and including, 1.9.9 Description: The issue is related to PHP Object Injection via deserialization of untrusted input through post meta data. This allows...
PT-2024-18380 · WordPress · The Button
Name of the Vulnerable Software and Affected Versions: The Button plugin for WordPress versions up to, and including, 1.1.28 Description: The issue is related to PHP Object Injection via deserialization of untrusted input in the button shortcode function. This allows authenticated attackers with...