Lucene search

3726 matches found

WPVulnDB
added 2024/02/02 12:0 a.m. | 13 views

PropertyHive < 2.0.6 - Unauthenticated PHP Object Injection via propertyhive_currency

Description: The PropertyHive plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 2.0.5 via deserialization of untrusted input from the 'propertyhive_currency' cookie value. This makes it possible for unauthenticated attackers to inject a PHP Object. No...

4 CVSS | 7.3 AI score | 0.00519 EPSS
Exploits: 0 | References: 1 | Affected Software: 1

Patchstack
added 2024/02/02 12:0 a.m. | 13 views

WordPress Knowledge Base for Documentation, FAQs with AI Assistance Plugin <= 11.30.2 is vulnerable to PHP Object Injection

Software: Knowledge Base for Documentation, FAQs with AI Assistance | Type: Plugin | Vulnerable versions: <= 11.30.2 | Fixed in: 11.31.0 | OWASP Top 10: A3: Injection | Classification: PHP Object Injection | CVE: CVE-2024-24842 | Patch priority: High | CVSS severity: High 8.7 | PSID: 6e74033eecde...

8.7 CVSS | 6.8 AI score | 0.00465 EPSS
Exploits: 0 | References: 2 | Affected Software: 1

WPVulnDB
added 2024/02/01 12:0 a.m. | 19 views

ProductX – WooCommerce Builder & Gutenberg WooCommerce Blocks < 3.1.5 - PHP Object Injection via wopb_wishlist and wopb_compare

Description: The ProductX – WooCommerce Builder & Gutenberg WooCommerce Blocks plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 3.1.4 via deserialization of untrusted input from the 'wopb_wishlist' and 'wopb_compare' cookies. This makes it possible for...

4 CVSS | 7.3 AI score | 0.00519 EPSS
Exploits: 0 | References: 1 | Affected Software: 1

Patchstack
added 2024/01/31 12:0 a.m. | 10 views

WordPress ERE Recently Viewed Plugin <= 1.3 is vulnerable to PHP Object Injection

Software: ERE Recently Viewed | Type: Plugin | Vulnerable versions: <= 1.3 | Fixed in: 2.0 | OWASP Top 10: A3: Injection | Classification: PHP Object Injection | CVE: CVE-2024-24797 | Patch priority: High | CVSS severity: High 9.8 | PSID: 835850fa9817 | Credits: Yudistira Arya | Required privilege...

9.8 CVSS | 6.8 AI score | 0.00646 EPSS
Exploits: 0 | References: 2 | Affected Software: 1

Patchstack
added 2024/01/31 12:0 a.m. | 11 views

WordPress Event Manager for WooCommerce Plugin <= 4.1.1 is vulnerable to PHP Object Injection

Software: Event Manager for WooCommerce | Type: Plugin | Vulnerable versions: <= 4.1.1 | Fixed in: 4.1.2 | OWASP Top 10: A3: Injection | Classification: PHP Object Injection | CVE: CVE-2024-24796 | Patch priority: Medium | CVSS severity: Medium 8.2 | PSID: e6a64198a3ef | Credits: Ngô Thiên An ancorn fr...

8.8 CVSS | 6.8 AI score | 0.00499 EPSS
Exploits: 0 | References: 2 | Affected Software: 1

Patchstack
added 2024/01/30 12:0 a.m. | 10 views

WordPress ProductX – Gutenberg WooCommerce Blocks Plugin <= 3.1.4 is vulnerable to PHP Object Injection

Software: ProductX – Gutenberg WooCommerce Blocks | Type: Plugin | Vulnerable versions: <= 3.1.4 | Fixed in: 3.1.5 | OWASP Top 10: A3: Injection | Classification: PHP Object Injection | CVE: CVE-2024-23512 | Patch priority: High | CVSS severity: High 8.7 | PSID: fa4448964e74 | Credits: Yudistira Arya...

9.8 CVSS | 6.8 AI score | 0.00519 EPSS
Exploits: 0 | References: 2 | Affected Software: 1

Patchstack
added 2024/01/30 12:0 a.m. | 8 views

WordPress PropertyHive Plugin <= 2.0.5 is vulnerable to PHP Object Injection

Software: PropertyHive | Type: Plugin | Vulnerable versions: <= 2.0.5 | Fixed in: 2.0.6 | OWASP Top 10: A3: Injection | Classification: PHP Object Injection | CVE: CVE-2024-23513 | Patch priority: High | CVSS severity: High 8.7 | PSID: 2d28e52553fa | Credits: Yudistira Arya | Required privilege...

9.8 CVSS | 6.8 AI score | 0.00519 EPSS
Exploits: 0 | References: 2 | Affected Software: 1

WPVulnDB
added 2024/01/30 12:0 a.m. | 837 views

WordPress < 6.4.3 - Deserialization of Untrusted Data

Description: WordPress does not sanitize options when installing and upgrading itself before serializing them, which could allow high privileged users such as admin to perform PHP Object Injection attack...

7.3 AI score
Exploits: 0 | References: 1

GithubExploit
added 2024/01/28 11:16 p.m. | 1558 views

Exploit for Deserialization of Untrusted Data in Wpengine Better_Search_Replace

PoC exploit for CVE-2023-6933, a vulnerability in a web applicat...

9.8 CVSS | 9.2 AI score | 0.68047 EPSS
Exploits: 2

VulnCheck KEV
added 2024/01/25 12:0 a.m. | 2 views

VulnCheck KEV: CVE-2023-6933

The Better Search Replace plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.4.4 via deserialization of untrusted input. This makes it possible for unauthenticated attackers to inject a PHP Object. No POP chain is present in the vulnerable plugin...

9.8 CVSS | 7.3 AI score | 0.68047 EPSS
Exploits: 2 | References: 1

Patchstack
added 2024/01/25 12:0 a.m. | 14 views

WordPress Better Search Replace Plugin <= 1.4.4 is vulnerable to PHP Object Injection

Software: Better Search Replace | Type: Plugin | Vulnerable versions: <= 1.4.4 | Fixed in: 1.4.5 | OWASP Top 10: A1: Injection | Classification: PHP Object Injection | CVE: CVE-2023-6933 | Patch priority: High | CVSS severity: High 9 | PSID: 3ac241f51ac9 | Credits: Sam Pizzey mopman | Required privilege...

9.8 CVSS | 7.2 AI score | 0.68047 EPSS
Exploits: 2 | References: 3 | Affected Software: 1

Positive Technologies
added 2024/01/25 12:0 a.m. | 3 views

PT-2024-15128

Name of the Vulnerable Software and Affected Versions: Better Search Replace plugin for WordPress versions up to, and including, 1.4.4
Description: The issue is related to PHP Object Injection via deserialization of untrusted input, allowing unauthenticated attackers to inject a PHP Object. If a PO...

9.8 CVSS | 9.5 AI score | 0.68047 EPSS
Exploits: 2 | References: 18

Cvelist
added 2024/01/24 11:45 a.m. | 16 views

CVE-2024-22284 WordPress Asgaros Forum Plugin <= 2.7.2 is vulnerable to PHP Object Injection

Deserialization of Untrusted Data vulnerability in Thomas Belser Asgaros Forum. This issue affects Asgaros Forum: from n/a through 2.7.2...

8.7 CVSS | 9.7 AI score | 0.00581 EPSS
Exploits: 0 | References: 1

Vulnrichment
added 2024/01/24 11:42 a.m. | 6 views

CVE-2024-22309 WordPress ChatBot Plugin <= 5.1.0 is vulnerable to PHP Object Injection

Deserialization of Untrusted Data vulnerability in QuantumCloud ChatBot with AI. This issue affects ChatBot with AI: from n/a through 5.1.0...

8.7 CVSS | 8.6 AI score | 0.00519 EPSS
Exploits: 0 | References: 1

WPVulnDB
added 2024/01/24 12:0 a.m. | 20 views

Advanced Database Cleaner < 3.1.4 - Administrator+ PHP Object Injection

Description: The plugin is vulnerable to PHP Object Injection via deserialization of untrusted input in the 'processbulkaction' function. This makes it possible for authenticated attackers, with administrator access and above, to inject a PHP Object. No POP chain is present in the vulnerable plugin...

5.8 CVSS | 7.4 AI score | 0.01139 EPSS
Exploits: 0 | References: 1 | Affected Software: 1

WPVulnDB
added 2024/01/24 12:0 a.m. | 42 views

Better Search Replace < 1.4.5 - Unauthenticated PHP Object Injection

Description: The plugin is vulnerable to PHP Object Injection via deserialization of untrusted input. This makes it possible for unauthenticated attackers to inject a PHP Object. No POP chain is present in the vulnerable plugin. If a POP chain is present via an additional plugin or theme installed...

7.5 CVSS | 7.1 AI score | 0.68047 EPSS
Exploits: 2 | References: 1 | Affected Software: 1

WPVulnDB
added 2024/01/22 12:0 a.m. | 21 views

Asgaros Forum < 2.8.0 - Unauthenticated PHP Object Injection in prepare_unread_status

Description: The Asgaros Forum plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 2.7.2 via deserialization of untrusted input in the prepare_unread_status function. This makes it possible for unauthenticated attackers to inject a PHP Object. If a POP...

9.8 CVSS | 7.3 AI score | 0.00581 EPSS
Exploits: 0 | References: 1 | Affected Software: 1

Vulnrichment
added 2024/01/19 2:42 p.m. | 5 views

CVE-2022-45845 WordPress Smart Slider 3 Plugin <= 3.5.1.9 is vulnerable to PHP Object Injection

Deserialization of Untrusted Data vulnerability in Nextend Smart Slider 3. This issue affects Smart Slider 3: from n/a through 3.5.1.9...

4.3 CVSS | 8 AI score | 0.00538 EPSS
Exploits: 0 | References: 1

Cvelist
added 2024/01/19 2:42 p.m. | 19 views

CVE-2022-45845 WordPress Smart Slider 3 Plugin <= 3.5.1.9 is vulnerable to PHP Object Injection

Deserialization of Untrusted Data vulnerability in Nextend Smart Slider 3. This issue affects Smart Slider 3: from n/a through 3.5.1.9...

4.3 CVSS | 8.9 AI score | 0.00538 EPSS
Exploits: 0 | References: 1

Vulnrichment
added 2024/01/19 2:37 p.m. | 2 views

CVE-2022-45083 WordPress ProfilePress Plugin <= 4.3.2 is vulnerable to PHP Object Injection

Deserialization of Untrusted Data vulnerability in ProfilePress Membership Team Paid Membership Plugin, Ecommerce, User Registration Form, Login Form, User Profile & Restrict Content – ProfilePress. This issue affects Paid Membership Plugin, Ecommerce, User Registration Form, Login Form, User...

6.6 CVSS | 6.7 AI score | 0.00577 EPSS
Exploits: 0 | References: 1