Deserialization of untrusted data

The Slider Responsive Slideshow – Image slider, Gallery slideshow plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.3.8 via deserialization of untrusted input to the awlsliderresponsiveshortcode function. This makes it possible for authenticated...

CVE-2024-1859

The Slider Responsive Slideshow – Image slider, Gallery slideshow plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.3.8 via deserialization of untrusted input to the awlsliderresponsiveshortcode function. This makes it possible for authenticated...

CVE-2024-1859 Slider Responsive Slideshow – Image slider, Gallery slideshow <= 1.3.8 - Authenticated (Contributor+) PHP Object Injection

The Slider Responsive Slideshow – Image slider, Gallery slideshow plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.3.8 via deserialization of untrusted input to the awlsliderresponsiveshortcode function. This makes it possible for authenticated...

Slider Responsive Slideshow – Image slider, Gallery slideshow < 1.4.0 - Authenticated (Contributor+) PHP Object Injection

Description The Slider Responsive Slideshow – Image slider, Gallery slideshow plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.3.8 via deserialization of untrusted input to the awlsliderresponsiveshortcode function. This makes it possible for...

WordPress Play.ht Plugin <= 3.6.4 is vulnerable to PHP Object Injection

Software Play.ht Type Plugin Vulnerable versions = 3.6.4 Fixed in N/A OWASP Top 10 A1: Injection Classification PHP Object Injection CVE CVE-2024-1772 Patch priority Medium CVSS severity Medium 8.5 Developer Claim ownership PSID 571b81755147 Credits Francesco Carlucci Required privilege Contribut...

Play.ht – Make Your Blog Posts Accessible With Text to Speech Audio <= 3.6.4 - Authenticated (Contributor+) PHP Object Injection

Description The Play.ht – Make Your Blog Posts Accessible With Text to Speech Audio plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 3.6.4 via deserialization of untrusted input from the playpodcastdata post meta. This makes it possible for...

CVE-2023-46615 WordPress KD Coming Soon Plugin <= 1.7 is vulnerable to PHP Object Injection

Deserialization of Untrusted Data vulnerability in Kalli Dan. KD Coming Soon.This issue affects KD Coming Soon: from n/a through 1.7...

CVE-2023-46615 WordPress KD Coming Soon Plugin <= 1.7 is vulnerable to PHP Object Injection

Deserialization of Untrusted Data vulnerability in Kalli Dan. KD Coming Soon.This issue affects KD Coming Soon: from n/a through 1.7...

CVE-2024-23512 WordPress ProductX – Gutenberg WooCommerce Blocks Plugin <= 3.1.4 is vulnerable to PHP Object Injection

Deserialization of Untrusted Data vulnerability in wpxpo ProductX – WooCommerce Builder & Gutenberg WooCommerce Blocks.This issue affects ProductX – WooCommerce Builder & Gutenberg WooCommerce Blocks: from n/a through 3.1.4...

CVE-2024-23512 WordPress ProductX – Gutenberg WooCommerce Blocks Plugin <= 3.1.4 is vulnerable to PHP Object Injection

Deserialization of Untrusted Data vulnerability in wpxpo ProductX – WooCommerce Builder & Gutenberg WooCommerce Blocks.This issue affects ProductX – WooCommerce Builder & Gutenberg WooCommerce Blocks: from n/a through 3.1.4...

CVE-2024-23513 WordPress PropertyHive Plugin <= 2.0.5 is vulnerable to PHP Object Injection

Deserialization of Untrusted Data vulnerability in PropertyHive.This issue affects PropertyHive: from n/a through 2.0.5...

CVE-2024-23513 WordPress PropertyHive Plugin <= 2.0.5 is vulnerable to PHP Object Injection

Deserialization of Untrusted Data vulnerability in PropertyHive.This issue affects PropertyHive: from n/a through 2.0.5...

CVE-2024-24796 WordPress Event Manager for WooCommerce Plugin <= 4.1.1 is vulnerable to PHP Object Injection

Deserialization of Untrusted Data vulnerability in MagePeople Team Event Manager and Tickets Selling Plugin for WooCommerce – WpEvently – WordPress Plugin.This issue affects Event Manager and Tickets Selling Plugin for WooCommerce – WpEvently – WordPress Plugin: from n/a through 4.1.1...

CVE-2024-24797 WordPress ERE Recently Viewed Plugin <= 1.3 is vulnerable to PHP Object Injection

Deserialization of Untrusted Data vulnerability in G5Theme ERE Recently Viewed – Essential Real Estate Add-On.This issue affects ERE Recently Viewed – Essential Real Estate Add-On: from n/a through 1.3...

CVE-2024-24797 WordPress ERE Recently Viewed Plugin <= 1.3 is vulnerable to PHP Object Injection

Deserialization of Untrusted Data vulnerability in G5Theme ERE Recently Viewed – Essential Real Estate Add-On.This issue affects ERE Recently Viewed – Essential Real Estate Add-On: from n/a through 1.3...

CVE-2024-24926 WordPress Brooklyn Theme <= 4.9.7.6 is vulnerable to PHP Object Injection

Deserialization of Untrusted Data vulnerability in UnitedThemes Brooklyn | Creative Multi-Purpose Responsive WordPress Theme.This issue affects Brooklyn | Creative Multi-Purpose Responsive WordPress Theme: from n/a through 4.9.7.6...

CVE-2024-24926 WordPress Brooklyn Theme <= 4.9.7.6 is vulnerable to PHP Object Injection

Deserialization of Untrusted Data vulnerability in UnitedThemes Brooklyn | Creative Multi-Purpose Responsive WordPress Theme.This issue affects Brooklyn | Creative Multi-Purpose Responsive WordPress Theme: from n/a through 4.9.7.6...

CVE-2024-25100 WordPress Coupon Referral Program plugin < 1.8.4 - Unauthenticated PHP Object Injection vulnerability

Deserialization of Untrusted Data vulnerability in WP Swings Coupon Referral Program allows Object Injection.This issue affects Coupon Referral Program: from n/a before 1.8.4...

CVE-2024-25100 WordPress Coupon Referral Program plugin < 1.8.4 - Unauthenticated PHP Object Injection vulnerability

Deserialization of Untrusted Data vulnerability in WP Swings Coupon Referral Program allows Object Injection.This issue affects Coupon Referral Program: from n/a before 1.8.4...

Brooklyn <= 4.9.7.6 - PHP Object Injection

Description The brooklyn theme for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 4.9.7.6 via deserialization of untrusted input from an unknown parameter. This makes it possible for authenticated attackers, with subscriber access and above, to inject a PHP...