3726 matches found
CVE-2024-24842 WordPress Knowledge Base for Documentation, FAQs with AI Assistance plugin <= 11.30.2 - PHP Object Injection vulnerability
Deserialization of Untrusted Data vulnerability in Echo Plugins Knowledge Base for Documentation, FAQs with AI Assistance. This issue affects Knowledge Base for Documentation, FAQs with AI Assistance: from n/a through 11.30.2...
Meta Tag Manager < 3.1 - Subscriber+ PHP Object Injection
Description The plugin is vulnerable to PHP Object Injection via deserialization of untrusted input in the getpostdata function. This makes it possible for authenticated attackers, with contributor access or higher, to inject a PHP Object. No POP chain is present in the vulnerable plugin. If a PO...
Hubbub Lite – Fast, Reliable Social Network Sharing Buttons < 1.33.2 - PHP Object Injection
Description The Hubbub Lite – Fast, Reliable Social Sharing Buttons plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.33.1 via deserialization of untrusted input via the 'dpspmaybeunserialize' function. This makes it possible for authenticated...
CVE-2023-27459 WordPress User Registration plugin <= 2.3.2.1 - Authenticated PHP Object Injection vulnerability
Deserialization of Untrusted Data vulnerability in WPEverest User Registration. This issue affects User Registration: from n/a through 2.3.2.1...
WordPress Hercules Core Plugin <= 6.4 is vulnerable to PHP Object Injection
Software Hercules Core Type Plugin Vulnerable versions <= 6.4 Fixed in 6.5 OWASP Top 10 A3: Injection Classification PHP Object Injection CVE CVE-2024-30228 Patch priority High CVSS severity High 9.9 Developer Claim ownership PSID f62f114ea206 Credits Dave Jong Patchstack Required privilege...
WordPress Geo Controller Plugin <= 8.6.4 is vulnerable to PHP Object Injection
Software Geo Controller Type Plugin Vulnerable versions <= 8.6.4 Fixed in 8.6.5 OWASP Top 10 A3: Injection Classification PHP Object Injection CVE CVE-2024-30227 Patch priority High CVSS severity High 9 Developer Claim ownership PSID d77f0684feba Credits LVT-tholv2k Required privilege...
WordPress WP Migrate Plugin <= 2.6.10 is vulnerable to PHP Object Injection
Software WP Migrate Type Plugin Vulnerable versions <= 2.6.10 Fixed in 2.6.11 OWASP Top 10 A3: Injection Classification PHP Object Injection CVE CVE-2024-30225 Patch priority High CVSS severity High 10 Developer Claim ownership PSID 6b6e8d810b6a Credits Dave Jong Patchstack Required privilege...
WordPress WholesaleX Plugin <= 1.3.2 is vulnerable to PHP Object Injection
Software WholesaleX Type Plugin Vulnerable versions <= 1.3.2 Fixed in 1.3.3 OWASP Top 10 A3: Injection Classification PHP Object Injection CVE CVE-2024-30224 Patch priority High CVSS severity High 10 Developer Claim ownership PSID 4891ade0b03a Credits Rafie Muhammad Patchstack Required privilege...
WordPress ARMember Plugin <= 4.0.26 is vulnerable to PHP Object Injection
Software ARMember Type Plugin Vulnerable versions <= 4.0.26 Fixed in 4.0.27 OWASP Top 10 A3: Injection Classification PHP Object Injection CVE CVE-2024-30222 Patch priority Medium CVSS severity Medium 8.5 Developer Claim ownership PSID 7cde346aedaf Credits LVT-tholv2k Required privilege Contributo...
WordPress Sunshine Photo Cart Plugin <= 3.1.1 is vulnerable to PHP Object Injection
Software Sunshine Photo Cart Type Plugin Vulnerable versions <= 3.1.1 Fixed in 3.1.2 OWASP Top 10 A1: Broken Access Control Classification PHP Object Injection CVE CVE-2024-30221 Patch priority Medium CVSS severity Medium 5.4 Developer WP Sunshine PSID 7b2cd8d53b2f Credits CatFather Required...
WordPress ARMember Plugin <= 4.0.26 is vulnerable to PHP Object Injection
Software ARMember Type Plugin Vulnerable versions <= 4.0.26 Fixed in 4.0.27 OWASP Top 10 A3: Injection Classification PHP Object Injection CVE CVE-2024-30223 Patch priority High CVSS severity High 9 Developer Claim ownership PSID 8d16e0b0481c Credits LVT-tholv2k Required privilege Unauthenticated...
Link Whisper Free < 0.7.2 - Authenticated (Contributor+) PHP Object Injection
Description The Link Whisper Free plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 0.7.1 via deserialization of untrusted input of the 'mfn-page-items' post meta value. This makes it possible for authenticated attackers, with contributor-level acces...
WordPress BetterDocs Plugin <= 3.3.3 is vulnerable to PHP Object Injection
Software BetterDocs Type Plugin Vulnerable versions <= 3.3.3 Fixed in 3.3.4 OWASP Top 10 A3: Injection Classification PHP Object Injection CVE CVE-2024-30226 Patch priority High CVSS severity High 9 Developer Claim ownership PSID 4a7582c42893 Credits stealthcopter Required privilege Unauthenticate...
WordPress WooBuddy Plugin <= 3.4.20 is vulnerable to PHP Object Injection
Software WooBuddy Type Plugin Vulnerable versions <= 3.4.20 Fixed in 3.4.21 OWASP Top 10 A1: Injection Classification PHP Object Injection CVE CVE-2024-2025 Patch priority High CVSS severity High 8.8 Developer Claim ownership PSID 6110ece7c17e Credits Francesco Carlucci Required privilege Subscrib...
CVE-2024-2025
The "BuddyPress WooCommerce My Account Integration. Create WooCommerce Member Pages" plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 3.4.20 via deserialization of untrusted input in the get_simple_request function. This makes it possible for...
CVE-2024-2025 BuddyPress WooCommerce My Account Integration. Create WooCommerce Member Pages <= 3.4.20 - Authenticated (Subscriber+) PHP Object Injection in get_simple_request
The "BuddyPress WooCommerce My Account Integration. Create WooCommerce Member Pages" plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 3.4.20 via deserialization of untrusted input in the get_simple_request function. This makes it possible for...
CVE-2024-2025
CVE-2024-2025 pertains to the WordPress plugin “BuddyPress WooCommerce My Account Integration. Create WooCommerce Member Pages.” It is a PHP Object Injection vulnerability caused by deserialization of untrusted input in the get_simple_request function, affecting all versions up to and including 3...