3726 matches found
CVE-2024-0825
The Vimeography: Vimeo Video Gallery WordPress Plugin plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 2.3.2 via deserialization of untrusted input via the vimeographyduplicategalleryserialized in the duplicategallery function. This makes it possibl...
CVE-2024-0825
The Vimeography: Vimeo Video Gallery WordPress Plugin plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 2.3.2 via deserialization of untrusted input via the vimeographyduplicategalleryserialized in the duplicategallery function. This makes it possibl...
Deserialization of untrusted data
The Vimeography: Vimeo Video Gallery WordPress Plugin plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 2.3.2 via deserialization of untrusted input via the vimeographyduplicategalleryserialized in the duplicategallery function. This makes it possibl...
Deserialization of untrusted data
The Auto Refresh Single Page plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.1 via deserialization of untrusted input from the arspoptions post meta option. This makes it possible for authenticated attackers, with contributor-level access and...
CVE-2024-0825 Vimeography: Vimeo Video Gallery WordPress Plugin <= 2.3.2 - Authenticated (Contributor+) PHP Object Injection
The Vimeography: Vimeo Video Gallery WordPress Plugin plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 2.3.2 via deserialization of untrusted input via the vimeographyduplicategalleryserialized in the duplicategallery function. This makes it possibl...
CVE-2024-0825 Vimeography: Vimeo Video Gallery WordPress Plugin <= 2.3.2 - Authenticated (Contributor+) PHP Object Injection
The Vimeography: Vimeo Video Gallery WordPress Plugin plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 2.3.2 via deserialization of untrusted input via the vimeographyduplicategalleryserialized in the duplicategallery function. This makes it possibl...
CVE-2024-0825
CVE-2024-0825 concerns the WordPress plugin “Vimeography: Vimeo Video Gallery” (
CVE-2024-1731 Auto Refresh Single Page <= 1.1 - Authenticated (Contributor+) PHP Object Injection
The Auto Refresh Single Page plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.1 via deserialization of untrusted input from the arspoptions post meta option. This makes it possible for authenticated attackers, with contributor-level access and...
CVE-2024-1731 Auto Refresh Single Page <= 1.1 - Authenticated (Contributor+) PHP Object Injection
The Auto Refresh Single Page plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.1 via deserialization of untrusted input from the arspoptions post meta option. This makes it possible for authenticated attackers, with contributor-level access and...
CVE-2024-1731
The CVE-2024-1731 entry concerns the Auto Refresh Single Page plugin for WordPress. It is vulnerable to PHP Object Injection in all versions up to 1.1 via deserialization of untrusted input from the arsp_options post meta option. An authenticated attacker with contributor-level access or higher c...
Product Carousel Slider & Grid Ultimate for WooCommerce < 1.9.8 - Authenticated(Contributor+) PHP Object Injection
Description The Product Carousel Slider & Grid Ultimate for WooCommerce plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.9.7 via deserialization of untrusted input via shortcode. This makes it possible for authenticated attackers, with contributor...
Post Grid, Slider & Carousel Ultimate – with Shortcode, Gutenberg Block & Elementor Widget < 1.6.8 - Authenticated (Contributor+) PHP Object Injection in outpost_shortcode_metabox_markup
Description The Post Grid, Slider & Carousel Ultimate – with Shortcode, Gutenberg Block & Elementor Widget plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.6.7 via deserialization of untrusted input in the outpostshortcodemetaboxmarkup function...
WordPress Plugin Vimeography Security Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A security vulnerability exists in WordPres...
WordPress Auto Refresh Single Page Plugin <= 1.1 is vulnerable to PHP Object Injection
Software Auto Refresh Single Page Type Plugin Vulnerable versions = 1.1 Fixed in N/A OWASP Top 10 A1: Injection Classification PHP Object Injection CVE CVE-2024-1731 Patch priority Low CVSS severity Low 8.8 Developer Claim ownership PSID d58385aa0db1 Credits Francesco Carlucci Required privilege...
WordPress Vimeography Plugin <= 2.3.2 is vulnerable to PHP Object Injection
Software Vimeography Type Plugin Vulnerable versions = 2.3.2 Fixed in 2.3.3 OWASP Top 10 A3: Injection Classification PHP Object Injection CVE CVE-2024-0825 Patch priority Medium CVSS severity Medium 8.8 Developer Claim ownership PSID d222d8e03d69 Credits Lucio Sá Required privilege Contributor...
Vimeography < 2.3.3 - Contributor+ PHP Object Injection
Description The plugin is vulnerable to PHP Object Injection via deserialization of untrusted input via the vimeographyduplicategalleryserialized in the duplicategallery function. This makes it possible for authenticated attackers attackers, with contributor access or higher, to inject a PHP...
Auto Refresh Single Page <= 1.1 - Authenticated (Contributor+) PHP Object Injection
Description The Auto Refresh Single Page plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.1 via deserialization of untrusted input from the arspoptions post meta option. This makes it possible for authenticated attackers, with contributor-level...
PT-2024-18259 · WordPress · Auto Refresh Single Page
Name of the Vulnerable Software and Affected Versions: Auto Refresh Single Page plugin for WordPress versions up to, and including, 1.1 Description: The issue allows authenticated attackers with contributor-level access and above to inject a PHP Object via deserialization of untrusted input from...
CVE-2024-1859
The Slider Responsive Slideshow – Image slider, Gallery slideshow plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.3.8 via deserialization of untrusted input to the awlsliderresponsiveshortcode function. This makes it possible for authenticated...
CVE-2024-1859
The Slider Responsive Slideshow – Image slider, Gallery slideshow plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.3.8 via deserialization of untrusted input to the awlsliderresponsiveshortcode function. This makes it possible for authenticated...