3726 matches found
CVE-2024-2006
CVE-2024-2006 affects the WordPress plugin Post Grid, Slider & Carousel Ultimate – with Shortcode, Gutenberg Block & Elementor Widget, up to version 1.6.7. Description: PHP Object Injection via deserialization of untrusted input in outpost_shortcode_metabox_markup, exploitable by authenticated us...
CVE-2024-1772 Play.ht – Make Your Blog Posts Accessible With Text to Speech Audio <= 3.6.4 - Authenticated (Contributor+) PHP Object Injection
The Play.ht – Make Your Blog Posts Accessible With Text to Speech Audio plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 3.6.4 via deserialization of untrusted input from the playpodcastdata post meta. This makes it possible for authenticated...
CVE-2024-1772
The CVE-2024-1772 entry concerns the Play.ht – Make Your Blog Posts Accessible With Text to Speech Audio WordPress plugin (versions up to and including 3.6.4). It describes a PHP Object Injection via deserialization of untrusted input from the play_podcast_data post meta, exploitable by authentic...
CVE-2024-1772
The Play.ht – Make Your Blog Posts Accessible With Text to Speech Audio plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 3.6.4 via deserialization of untrusted input from the playpodcastdata post meta. This makes it possible for authenticated...
WordPress PropertyHive Plugin <= 2.0.9 is vulnerable to PHP Object Injection
Software PropertyHive Type Plugin Vulnerable versions = 2.0.9 Fixed in 2.0.10 OWASP Top 10 A3: Injection Classification PHP Object Injection CVE CVE-2024-27985 Patch priority Medium CVSS severity Medium 5.4 Developer Claim ownership PSID 245763d3996e Credits CatFather Required privilege Subscribe...
WordPress Plugin Post Grid, Slider & Carousel Ultimate Security Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability exists in...
PT-2024-18444 · WordPress · Carousel Slider & Grid Ultimate
Name of the Vulnerable Software and Affected Versions: The Product Carousel Slider & Grid Ultimate for WooCommerce plugin for WordPress versions up to, and including, 1.9.7 Description: The issue allows authenticated attackers with contributor access and above to inject a PHP Object via...
WordPress Plugin Product Carousel Slider & Grid Ultimate for WooCommerce Security Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A security vulnerability exists in WordPres...
PT-2024-18445 · WordPress · The Logo Showcase Ultimate
Name of the Vulnerable Software and Affected Versions: The Logo Showcase Ultimate – Logo Carousel, Logo Slider & Logo Grid plugin for WordPress versions up to, and including, 1.3.8 Description: The issue allows authenticated attackers with contributor access and above to inject a PHP Object via...
CVE-2024-1773
The PDF Invoices and Packing Slips For WooCommerce plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.3.7 via deserialization of untrusted input via the orderid parameter. This makes it possible for authenticated attackers, with subscriber-level...
Deserialization of untrusted data
The PDF Invoices and Packing Slips For WooCommerce plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.3.7 via deserialization of untrusted input via the orderid parameter. This makes it possible for authenticated attackers, with subscriber-level...
CVE-2024-1773 PDF Invoices and Packing Slips For WooCommerce <= 1.3.7 - Authenticated (Subscriber+) PHP Object Injection
The PDF Invoices and Packing Slips For WooCommerce plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.3.7 via deserialization of untrusted input via the orderid parameter. This makes it possible for authenticated attackers, with subscriber-level...
CVE-2024-1773 PDF Invoices and Packing Slips For WooCommerce <= 1.3.7 - Authenticated (Subscriber+) PHP Object Injection
The PDF Invoices and Packing Slips For WooCommerce plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.3.7 via deserialization of untrusted input via the orderid parameter. This makes it possible for authenticated attackers, with subscriber-level...
PT-2024-18294 · WordPress · Woocommerce Pdf Invoices & Packing Slips
Name of the Vulnerable Software and Affected Versions: PDF Invoices and Packing Slips For WooCommerce plugin for WordPress versions up to, and including, 1.3.7 Description: The issue allows authenticated attackers with subscriber-level access and above to inject a PHP Object via deserialization o...
BIT-SUITECRM-2020-8800
SuiteCRM through 7.11.11 allows EmailsControllerActionGetFromFields PHP Object Injection...
WordPress Logo Showcase Ultimate – Logo Carousel, Logo Slider & Logo Grid Plugin <= 1.3.8 is vulnerable to PHP Object Injection
Software Logo Showcase Ultimate – Logo Carousel, Logo Slider & Logo Grid Type Plugin Vulnerable versions = 1.3.8 Fixed in 1.3.9 OWASP Top 10 A1: Injection Classification PHP Object Injection CVE CVE-2024-1951 Patch priority Low CVSS severity Low 8.5 Developer Claim ownership PSID 5b1fd4bab381...
WordPress Product Carousel Slider & Grid Ultimate for WooCommerce Plugin <= 1.9.7 is vulnerable to PHP Object Injection
Software Product Carousel Slider & Grid Ultimate for WooCommerce Type Plugin Vulnerable versions = 1.9.7 Fixed in 1.9.8 OWASP Top 10 A1: Injection Classification PHP Object Injection CVE CVE-2024-1950 Patch priority Low CVSS severity Low 8.5 Developer Claim ownership PSID 0d91488a9b71 Credits...
PDF Invoices and Packing Slips For WooCommerce < 1.3.8 - Authenticated (Subscriber+) PHP Object Injection
Description The PDF Invoices and Packing Slips For WooCommerce plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.3.7 via deserialization of untrusted input via the orderid parameter. This makes it possible for authenticated attackers, with...
CVE-2024-1731
The Auto Refresh Single Page plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.1 via deserialization of untrusted input from the arspoptions post meta option. This makes it possible for authenticated attackers, with contributor-level access and...
CVE-2024-1731
The Auto Refresh Single Page plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.1 via deserialization of untrusted input from the arspoptions post meta option. This makes it possible for authenticated attackers, with contributor-level access and...