3726 matches found
WordPress Brooklyn Theme <= 4.9.7.6 is vulnerable to PHP Object Injection
Software: Brooklyn; Type: Theme; Vulnerable versions: <= 4.9.7.6; Fixed in: N/A; OWASP Top 10: A3: Injection; Classification: PHP Object Injection; CVE: CVE-2024-24926; Patch priority: Medium; CVSS severity: Medium 7.5; PSID: 088c56b0b572; Credits: Rafie Muhammad Patchstack; Required privilege...
Coupon Referral Program <= 1.7.2 - Unauthenticated PHP Object Injection
Description: The Coupon Referral Program plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.7.2 via deserialization of untrusted input. This makes it possible for unauthenticated attackers to inject a PHP Object. No known POP chain is present in the...
WordPress Better Search Replace Plugin < 1.4.5 PHP Object Injection Vulnerability
The WordPress plugin SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:deliciousbrains:bettersearchreplace"; if description...
WordPress Advanced Database Cleaner Plugin <= 3.1.3 is vulnerable to PHP Object Injection
Software: Advanced Database Cleaner; Type: Plugin; Vulnerable versions: <= 3.1.3; Fixed in: 3.1.4; OWASP Top 10: A1: Injection; Classification: PHP Object Injection; CVE: CVE-2024-0668; Patch priority: Low; CVSS severity: Low 6.6; PSID: ae822ac39b98; Credits: Richard Telleng stueotue; Required...
CVE-2024-0668
The Advanced Database Cleaner plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 3.1.3 via deserialization of untrusted input in the 'process_bulk_action' function. This makes it possible for an authenticated attacker, with administrator access and above, ...
Deserialization of untrusted data
The Advanced Database Cleaner plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 3.1.3 via deserialization of untrusted input in the 'process_bulk_action' function. This makes it possible for an authenticated attacker, with administrator access and above, ...
CVE-2023-6933
The Better Search Replace plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.4.4 via deserialization of untrusted input. This makes it possible for unauthenticated attackers to inject a PHP Object. No POP chain is present in the vulnerable plugin. I...
Deserialization of untrusted data
The Better Search Replace plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.4.4 via deserialization of untrusted input. This makes it possible for unauthenticated attackers to inject a PHP Object. No POP chain is present in the vulnerable plugin. I...
CVE-2024-0668 Advanced Database Cleaner <= 3.1.3 - Authenticated(Administrator+) PHP Object Injection via process_bulk_action
The Advanced Database Cleaner plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 3.1.3 via deserialization of untrusted input in the 'process_bulk_action' function. This makes it possible for an authenticated attacker, with administrator access and above, ...
CVE-2024-0668
CVE-2024-0668 affects the WordPress plugin “Advanced Database Cleaner” (≤ v3.1.3). The root cause is PHP Object Injection via deserialization in the process_bulk_action function, exploitable by an authenticated attacker with administrator-level access (no user interaction required). Potential imp...
CVE-2023-6933
CVE-2023-6933 affects the WordPress plugin Better Search Replace (
CVE-2023-6933 Better Search Replace <= 1.4.4 - Unauthenticated PHP Object Injection
The Better Search Replace plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.4.4 via deserialization of untrusted input. This makes it possible for unauthenticated attackers to inject a PHP Object. No POP chain is present in the vulnerable plugin. I...
Event Manager and Tickets Selling Plugin for WooCommerce – WpEvently < 4.1.2 - Authenticated (Contributor+) PHP Object Injection in mep_event_meta_save
Description: The Event Manager and Tickets Selling Plugin for WooCommerce – WpEvently plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 4.1.1 via deserialization of untrusted input in the mep_event_meta_save function. This makes it possible for...
ERE Recently Viewed < 2.0 - Unauthenticated PHP Object Injection
Description: The plugin is vulnerable to PHP Object Injection via deserialization of untrusted input. This makes it possible for unauthenticated attackers to inject a PHP Object. If a POP chain is present via an additional plugin or theme installed on the target system, it could allow the attacker...
Knowledge Base for Documentation, FAQs with AI Assistance < 11.31.0 - Unauthenticated PHP Object Injection in is_article_recently_viewed
Description: The Knowledge Base for Documentation, FAQs with AI Assistance plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 11.30.2 via deserialization of untrusted input in the is_article_recently_viewed function. This makes it possible for...
WordPress Coupon Referral Program Plugin <= 1.7.2 is vulnerable to PHP Object Injection
Software: Coupon Referral Program; Type: Plugin; Vulnerable versions: <= 1.7.2; Fixed in: N/A; OWASP Top 10: A3: Injection; Classification: PHP Object Injection; CVE: CVE-2024-25100; Patch priority: High; CVSS severity: High 10; PSID: 1ef5cbc7b304; Credits: Dave Jong Patchstack; Required...
PT-2024-15733 · WordPress · Advanced Database Cleaner
Name of the Vulnerable Software and Affected Versions: Advanced Database Cleaner plugin for WordPress versions up to, and including, 3.1.3 Description: The issue allows an authenticated attacker with administrator access and above to inject a PHP Object via deserialization of untrusted input in t...