WordPress ChatBot Plugin <= 5.4.5 is vulnerable to PHP Object Injection

Software ChatBot Type Plugin Vulnerable versions = 5.4.5 Fixed in 5.4.6 OWASP Top 10 A3: Injection Classification PHP Object Injection CVE CVE-2024-22309 Patch priority High CVSS severity High 8.7 Developer Claim ownership PSID f351099f4f1e Credits Le Ngoc Anh Required privilege Unauthenticated...

Welcart e-Commerce < 2.9.6 - Admin+ PHP Object Injection

Description The plugin is vulnerable to PHP Object Injection in all versions up to 2.9.5 inclusive via deserialization of untrusted input in the welcartconfirmcheckajax function. This makes it possible for administrators to inject a PHP Object. No POP chain is present in the vulnerable plugin. If...

Image Compressor & Optimizer - iLoveIMG < 1.0.6 - Admin+ PHP Object Injection

Description The plugin is vulnerable to PHP Object Injection in all versions up to 1.0.6 exclusive via deserialization of untrusted input. This makes it possible for authenticated attackers, with admin access or higher to inject a PHP Object. No POP chain is present in the vulnerable plugin. If a...

CVE-2023-1405

The Formidable Forms WordPress plugin before 6.2 unserializes user input, which could allow anonymous users to perform PHP Object Injection when a suitable gadget is present...

CVE-2023-1405

The Formidable Forms WordPress plugin before 6.2 unserializes user input, which could allow anonymous users to perform PHP Object Injection when a suitable gadget is present...

Design/Logic Flaw

The Formidable Forms WordPress plugin before 6.2 unserializes user input, which could allow anonymous users to perform PHP Object Injection when a suitable gadget is present...

CVE-2023-1405 Formidable Forms < 6.2 - Unauthenticated PHP Object Injection

The Formidable Forms WordPress plugin before 6.2 unserializes user input, which could allow anonymous users to perform PHP Object Injection when a suitable gadget is present...

CVE-2023-1405

CVE-2023-1405 affects the Formidable Forms WordPress plugin up to version 6.1.2. It arises from unserializing user input, enabling unauthenticated PHP Object Injection when a suitable gadget is present. Impact is HIGH (I:HIGH, A:NONE) with remote attacker access. Mitigation: upgrade to version 6....

CVE-2023-1405 Formidable Forms < 6.2 - Unauthenticated PHP Object Injection

The Formidable Forms WordPress plugin before 6.2 unserializes user input, which could allow anonymous users to perform PHP Object Injection when a suitable gadget is present...

WordPress plugin Formidable Forms security vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. WordPress plugin is an application plugin that supports personal blog sites on servers running PHP and MySQL. A security vulnerability in the WordPress...

WordPress Asgaros Forum Plugin <= 2.7.2 is vulnerable to PHP Object Injection

Software Asgaros Forum Type Plugin Vulnerable versions = 2.7.2 Fixed in 2.8.0 OWASP Top 10 A3: Injection Classification PHP Object Injection CVE CVE-2024-22284 Patch priority High CVSS severity High 8.7 Developer Claim ownership PSID 25fc365d9e34 Credits Le Ngoc Anh Required privilege...

CVE-2023-6049

The Estatik Real Estate Plugin WordPress plugin before 4.1.1 unserializes user input via some of its cookies, which could allow unauthenticated users to perform PHP Object Injection when a suitable gadget chain is present on the blog...

CVE-2023-6049

The Estatik Real Estate Plugin WordPress plugin before 4.1.1 unserializes user input via some of its cookies, which could allow unauthenticated users to perform PHP Object Injection when a suitable gadget chain is present on the blog...

Design/Logic Flaw

The Estatik Real Estate Plugin WordPress plugin before 4.1.1 unserializes user input via some of its cookies, which could allow unauthenticated users to perform PHP Object Injection when a suitable gadget chain is present on the blog...

CVE-2023-6049 Estatik Real Estate Plugin < 4.1.1 - Unauthenticated PHP Object Injection

The Estatik Real Estate Plugin WordPress plugin before 4.1.1 unserializes user input via some of its cookies, which could allow unauthenticated users to perform PHP Object Injection when a suitable gadget chain is present on the blog...

CVE-2023-6049 Estatik Real Estate Plugin < 4.1.1 - Unauthenticated PHP Object Injection

The Estatik Real Estate Plugin WordPress plugin before 4.1.1 unserializes user input via some of its cookies, which could allow unauthenticated users to perform PHP Object Injection when a suitable gadget chain is present on the blog...

CVE-2023-6049

The CVE-2023-6049 entry concerns the Estatik Real Estate Plugin for WordPress (versions prior to 4.1.1). The issue is triggered by unserializing user input via cookies, enabling unauthenticated PHP Object Injection when a suitable gadget chain exists on the blog. Affected component: the plugin’s ...

WordPress Plugin Estatik Real Estate Plugin Security Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A security vulnerability previously existed...

Gecka Terms Thumbnails <= 1.1 - Authenticated (Subscriber+) PHP Object Injection

Description The Gecka Terms Thumbnails plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.1 via deserialization of untrusted input. This makes it possible for authenticated attackers, with subscriber-level access and above, to inject a PHP Object. N...

Taggbox < 3.2 - Unauthenticated PHP Object Injection

Description The Tagbox – UGC Galleries, Social Media Widgets, User Reviews & Analytics plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 3.1 via deserialization of untrusted input. This makes it possible for unauthenticated attackers to inject a PHP...