3725 matches found
Job Manager & Career – Manage job board listings, and recruitments < 1.4.5 - Cross-Site Request Forgery to PHP Object Injection
Description The Job Manager & Career – Manage job board listings, and recruitments plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.4.4. This is due to missing or incorrect nonce validation on the savepluginsettings function. This makes it...
YITH WooCommerce Product Add-Ons < 4.3.1 - Authenticated (Shop Manager+) PHP Object Injection
Description The YITH WooCommerce Product Add-Ons plugin for WordPress is vulnerable to PHP Object Injection in all versions up to 4.3.1 exclusive via deserialization of untrusted input in the 'saveaddon' function. This makes it possible for authenticated attackers, with Shop Manager access and...
Theme per user < 1.0.2 - Unauthenticated PHP Object Injection
Description The Theme per user plugin for WordPress is vulnerable to PHP Object Injection in all versions up to 1.0.2 exclusive via deserialization of untrusted input. This makes it possible for unauthenticated attackers to inject a PHP Object. No POP chain is present in the vulnerable plugin. If...
ARI Stream Quiz < 1.3.1 - Authenticated (Contributor+) PHP Object Injection
Description The ARI Stream Quiz – WordPress Quizzes Builder plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.3.0 via deserialization of untrusted input. This makes it possible for authenticated attackers, with contributor access or higher to injec...
Active Products Tables for WooCommerce < 1.0.6.1 - Unauthenticated PHP Object Injection
Description The Active Products Tables for WooCommerce plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.0.6 via deserialization of untrusted input. This makes it possible for unauthenticated attackers to inject a PHP Object. If a POP chain is...
WordPress Gecka Terms Thumbnails Plugin <= 1.1 is vulnerable to PHP Object Injection
Software: Gecka Terms Thumbnails; Type: Plugin; Vulnerable versions: <= 1.1; Fixed in: N/A; OWASP Top 10: A3: Injection; Classification: PHP Object Injection; CVE: CVE-2023-52219; Patch priority: High; CVSS severity: High 9.9; Developer: Claim ownership; PSID: 8f080ffeedc5; Credits: Rafie Muhammad Patchstack; Required...
WebinarIgnition < 3.05.1 - Authenticated (Subscriber+) PHP Object Injection
Description The Webinar Plugin: Create live/evergreen/automated/instant webinars, stream & Zoom Meetings | WebinarIgnition plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 3.05.0 via deserialization of untrusted input. This makes it possible for...
EnvíaloSimple < 2.2 Unauthenticated PHP Object Injection
Description The plugin is vulnerable to PHP Object Injection via deserialization of untrusted input. This makes it possible for unauthenticated attackers to inject a PHP Object. No POP chain is present in the vulnerable plugin. If a POP chain is present via an additional plugin or theme installed...
WordPress HTML5 MP3 Player with Playlist Free Plugin <= 3.0.0 is vulnerable to PHP Object Injection
Software: HTML5 MP3 Player with Playlist Free; Type: Plugin; Vulnerable versions: <= 3.0.0; Fixed in: N/A; OWASP Top 10: A3: Injection; Classification: PHP Object Injection; CVE: CVE-2023-52207; Patch priority: High; CVSS severity: High 9.1; Developer: Claim ownership; PSID: 5809c2a2acac; Credits: Rafie Muhammad...
WordPress HTML5 MP3 Player with Folder Feedburner Plugin <= 2.8.0 is vulnerable to PHP Object Injection
Software: HTML5 MP3 Player with Folder Feedburner; Type: Plugin; Vulnerable versions: <= 2.8.0; Fixed in: N/A; OWASP Top 10: A3: Injection; Classification: PHP Object Injection; CVE: CVE-2023-52202; Patch priority: High; CVSS severity: High 9.1; Developer: Claim ownership; PSID: 379c769eaf42; Credits: Rafie Muhammad...
WordPress Page Builder: Live Composer Plugin <= 1.5.25 is vulnerable to PHP Object Injection
Software: Page Builder: Live Composer; Type: Plugin; Vulnerable versions: <= 1.5.25; Fixed in: 1.5.29; OWASP Top 10: A3: Injection; Classification: PHP Object Injection; CVE: CVE-2023-52206; Patch priority: Medium; CVSS severity: Medium 7.7; Developer: Claim ownership; PSID: cbdb1d60e22e; Credits: Le Ngoc Anh; Required...
CVE-2023-52181 WordPress Theme per user Plugin <= 1.0.1 is vulnerable to PHP Object Injection
Deserialization of Untrusted Data vulnerability in Presslabs Theme per user. This issue affects Theme per user: from n/a through 1.0.1...
CVE-2023-52182 WordPress ARI Stream Quiz Plugin <= 1.3.0 is vulnerable to PHP Object Injection
Deserialization of Untrusted Data vulnerability in ARI Soft ARI Stream Quiz – WordPress Quizzes Builder. This issue affects ARI Stream Quiz – WordPress Quizzes Builder: from n/a through 1.3.0...
CVE-2023-51414 WordPress EnvíaloSimple Plugin <= 2.1 is vulnerable to PHP Object Injection
Deserialization of Untrusted Data vulnerability in EnvialoSimple EnvíaloSimple: Email Marketing y Newsletters. This issue affects EnvíaloSimple: Email Marketing y Newsletters: from n/a through 2.1...
CVE-2023-51422 WordPress WebinarIgnition Plugin <= 3.05.0 is vulnerable to PHP Object Injection
Deserialization of Untrusted Data vulnerability in Saleswonder Team Webinar Plugin: Create live/evergreen/automated/instant webinars, stream & Zoom Meetings | WebinarIgnition. This issue affects Webinar Plugin: Create live/evergreen/automated/instant webinars, stream & Zoom Meetings |...
CVE-2023-51470 WordPress Rencontre – Dating Site Plugin <= 3.11.1 is vulnerable to PHP Object Injection
Deserialization of Untrusted Data vulnerability in Jacques Malgrange Rencontre – Dating Site. This issue affects Rencontre – Dating Site: from n/a through 3.11.1...
CVE-2023-51505 WordPress Active Products Tables for WooCommerce Plugin <= 1.0.6 is vulnerable to PHP Object Injection
Deserialization of Untrusted Data vulnerability in realmag777 Active Products Tables for WooCommerce. Professional products tables for WooCommerce store. This issue affects Active Products Tables for WooCommerce. Professional products tables for WooCommerce store: from n/a through 1.0.6...
CVE-2023-51545 WordPress Job Manager & Career Plugin <= 1.4.4 is vulnerable to Cross Site Request Forgery (CSRF) leading to PHP Object Injection
Cross-Site Request Forgery (CSRF), Deserialization of Untrusted Data vulnerability in ThemeHigh Job Manager & Career – Manage job board listings, and recruitments. This issue affects Job Manager & Career – Manage job board listings, and recruitments: from n/a through 1.4.4...