3724 matches found

Patchstack
added 2023/12/29 12:0 a.m., 20 views

WordPress Theme per user Plugin <= 1.0.1 is vulnerable to PHP Object Injection

Software: Theme per user; Type: Plugin; Vulnerable versions = 1.0.1; Fixed in: 1.0.2; OWASP Top 10: A3: Injection; Classification: PHP Object Injection; CVE: CVE-2023-52181; Patch priority: High; CVSS severity: High 10; Developer: Claim ownership; PSID: 74baf7cbbeba; Credits: Rafie Muhammad Patchstack; Required privile...

CVSS: 10 | AI score: 6.8 | EPSS: 0.00646
Exploits: 0 | References: 2 | Affected Software: 1
Cvelist
added 2023/12/28 10:46 a.m., 20 views

CVE-2023-32513 WordPress GiveWP Plugin <= 2.25.3 is vulnerable to PHP Object Injection

Deserialization of Untrusted Data vulnerability in GiveWP GiveWP – Donation Plugin and Fundraising Platform. This issue affects GiveWP – Donation Plugin and Fundraising Platform: from n/a through 2.25.3...

CVSS: 7.5 | AI score: 9.7 | EPSS: 0.00592
Exploits: 0 | References: 1
Vulnrichment
added 2023/12/28 10:43 a.m., 6 views

CVE-2023-32795 WordPress WooCommerce Product Add-ons Plugin <= 6.1.3 is vulnerable to PHP Object Injection

Deserialization of Untrusted Data vulnerability in WooCommerce Product Add-Ons. This issue affects Product Add-Ons: from n/a through 6.1.3...

CVSS: 8.2 | AI score: 8.2 | EPSS: 0.00672
Exploits: 0 | References: 1
Cvelist
added 2023/12/28 10:43 a.m., 22 views

CVE-2023-32795 WordPress WooCommerce Product Add-ons Plugin <= 6.1.3 is vulnerable to PHP Object Injection

Deserialization of Untrusted Data vulnerability in WooCommerce Product Add-Ons. This issue affects Product Add-Ons: from n/a through 6.1.3...

CVSS: 8.2 | AI score: 8.4 | EPSS: 0.00672
Exploits: 0 | References: 1
Cvelist
added 2023/12/28 10:34 a.m., 19 views

CVE-2023-36381 WordPress Zippy Plugin <= 1.6.5 is vulnerable to PHP Object Injection

Deserialization of Untrusted Data vulnerability in Gesundheit Bewegt GmbH Zippy. This issue affects Zippy: from n/a through 1.6.5...

CVSS: 6.6 | AI score: 8.9 | EPSS: 0.00478
Exploits: 0 | References: 1
Patchstack
added 2023/12/28 12:0 a.m., 10 views

WordPress YITH WooCommerce Product Add-Ons Plugin <= 4.3.0 is vulnerable to PHP Object Injection

Software: YITH WooCommerce Product Add-Ons; Type: Plugin; Vulnerable versions = 4.3.0; Fixed in: 4.3.1; OWASP Top 10: A3: Injection; Classification: PHP Object Injection; CVE: CVE-2023-49777; Patch priority: Medium; CVSS severity: Medium 9.1; Developer: YITH; PSID: e13ee0c34e43; Credits: Rafie Muhammad Patchstack...

CVSS: 9.1 | AI score: 6.8 | EPSS: 0.0069
Exploits: 0 | References: 2 | Affected Software: 1
Patchstack
added 2023/12/27 12:0 a.m., 9 views

WordPress Active Products Tables for WooCommerce Plugin <= 1.0.6 is vulnerable to PHP Object Injection

Software: Active Products Tables for WooCommerce; Type: Plugin; Vulnerable versions = 1.0.6; Fixed in: 1.0.6.1; OWASP Top 10: A3: Injection; Classification: PHP Object Injection; CVE: CVE-2023-51505; Patch priority: High; CVSS severity: High 10; Developer: Claim ownership; PSID: 83a13a45a3dd; Credits: LVT-tholv2k...

CVSS: 10 | AI score: 6.8 | EPSS: 0.00645
Exploits: 0 | References: 2 | Affected Software: 1
Patchstack
added 2023/12/27 12:0 a.m., 10 views

WordPress WebinarIgnition Plugin <= 3.05.0 is vulnerable to PHP Object Injection

Software: WebinarIgnition; Type: Plugin; Vulnerable versions = 3.05.0; Fixed in: 3.05.5; OWASP Top 10: A3: Injection; Classification: PHP Object Injection; CVE: CVE-2023-51422; Patch priority: High; CVSS severity: High 9.9; Developer: Tobias; PSID: 079b96cbbb6e; Credits: Rafie Muhammad Patchstack; Required privilege...

CVSS: 9.9 | AI score: 6.8 | EPSS: 0.00621
Exploits: 0 | References: 1 | Affected Software: 1
Patchstack
added 2023/12/27 12:0 a.m., 10 views

WordPress Rencontre – Dating Site Plugin <= 3.11.1 is vulnerable to PHP Object Injection

Software: Rencontre – Dating Site; Type: Plugin; Vulnerable versions = 3.11.1; Fixed in: 3.11.2; OWASP Top 10: A3: Injection; Classification: PHP Object Injection; CVE: CVE-2023-51470; Patch priority: High; CVSS severity: High 9.9; Developer: Claim ownership; PSID: b7a3ac082038; Credits: Rafie Muhammad Patchstack...

CVSS: 9.9 | AI score: 6.8 | EPSS: 0.00621
Exploits: 0 | References: 2 | Affected Software: 1
Patchstack
added 2023/12/27 12:0 a.m., 6 views

WordPress EnvíaloSimple Plugin <= 2.1 is vulnerable to PHP Object Injection

Software: EnvíaloSimple; Type: Plugin; Vulnerable versions = 2.1; Fixed in: 2.2; OWASP Top 10: A3: Injection; Classification: PHP Object Injection; CVE: CVE-2023-51414; Patch priority: High; CVSS severity: High 9.6; Developer: Claim ownership; PSID: 134713a86bde; Credits: Rafie Muhammad Patchstack; Required privilege...

CVSS: 9.8 | AI score: 6.8 | EPSS: 0.00565
Exploits: 0 | References: 2 | Affected Software: 1
WPVulnDB
added 2023/12/25 12:0 a.m., 21 views

Estatik Real Estate Plugin < 4.1.1 - Unauthenticated PHP Object Injection

Description: The plugin unserializes user input via some of its cookies, which could allow unauthenticated users to perform PHP Object Injection when a suitable gadget chain is present on the blog. PoC: To simulate a gadget chain, put the following code in a plugin: class Evil public function wakeup...

CVSS: 9.8 | AI score: 7.2 | EPSS: 0.00926
Exploits: 2 | Affected Software: 1
wpexploit
added 2023/12/25 12:0 a.m., 166 views

Estatik Real Estate Plugin < 4.1.1 - Unauthenticated PHP Object Injection

Description: The plugin unserializes user input via some of its cookies, which could allow unauthenticated users to perform PHP Object Injection when a suitable gadget chain is present on the blog. To simulate a gadget chain, put the following code in a plugin: class Evil public function wakeup :...

CVSS: 9.8 | AI score: 7.2 | EPSS: 0.00926
Exploits: 2
Cvelist
added 2023/12/21 1:3 p.m., 18 views

CVE-2023-32242 WordPress Woodmart Core Plugin <= 1.0.36 is vulnerable to PHP Object Injection

Deserialization of Untrusted Data vulnerability in xtemos WoodMart - Multipurpose WooCommerce Theme. This issue affects WoodMart - Multipurpose WooCommerce Theme: from n/a through 1.0.36...

CVSS: 9.8 | AI score: 9.7 | EPSS: 0.00798
Exploits: 0 | References: 1
Cvelist
added 2023/12/21 12:37 p.m., 17 views

CVE-2023-49778 WordPress Sayfa Sayaç Plugin <= 2.6 is vulnerable to PHP Object Injection

Deserialization of Untrusted Data vulnerability in Hakan Demiray Sayfa Sayac. This issue affects Sayfa Sayac: from n/a through 2.6...

CVSS: 10 | AI score: 9.7 | EPSS: 0.00651
Exploits: 0 | References: 1
Vulnrichment
added 2023/12/21 12:37 p.m., 4 views

CVE-2023-49778 WordPress Sayfa Sayaç Plugin <= 2.6 is vulnerable to PHP Object Injection

Deserialization of Untrusted Data vulnerability in Hakan Demiray Sayfa Sayac. This issue affects Sayfa Sayac: from n/a through 2.6...

CVSS: 10 | AI score: 6.8 | EPSS: 0.00651
Exploits: 0 | References: 1
Cvelist
added 2023/12/20 5:42 p.m., 21 views

CVE-2022-47599 WordPress File Manager Plugin <= 5.2.7 is vulnerable to PHP Object Injection

Deserialization of Untrusted Data vulnerability in File Manager by Bit Form Team File Manager – 100% Free & Open Source File Manager Plugin for WordPress | Bit File Manager. This issue affects File Manager – 100% Free & Open Source File Manager Plugin for WordPress | Bit File Manager: from n/a...

CVSS: 5.5 | AI score: 7.3 | EPSS: 0.00516
Exploits: 0 | References: 1
Vulnrichment
added 2023/12/20 5:42 p.m., 8 views

CVE-2022-47599 WordPress File Manager Plugin <= 5.2.7 is vulnerable to PHP Object Injection

Deserialization of Untrusted Data vulnerability in File Manager by Bit Form Team File Manager – 100% Free & Open Source File Manager Plugin for WordPress | Bit File Manager. This issue affects File Manager – 100% Free & Open Source File Manager Plugin for WordPress | Bit File Manager: from n/a...

CVSS: 5.5 | AI score: 7.1 | EPSS: 0.00516
Exploits: 0 | References: 1
Cvelist
added 2023/12/20 3:31 p.m., 17 views

CVE-2023-49773 WordPress BCorp Shortcodes Plugin <= 0.23 is vulnerable to PHP Object Injection

Deserialization of Untrusted Data vulnerability in Tim Brattberg BCorp Shortcodes. This issue affects BCorp Shortcodes: from n/a through 0.23...

CVSS: 10 | AI score: 9.7 | EPSS: 0.00727
Exploits: 0 | References: 1
Vulnrichment
added 2023/12/20 3:21 p.m., 6 views

CVE-2023-49772 WordPress Genesis Simple Love Plugin <= 2.0 is vulnerable to PHP Object Injection

Deserialization of Untrusted Data vulnerability in Phpbits Creative Studio Genesis Simple Love. This issue affects Genesis Simple Love: from n/a through 2.0...

CVSS: 10 | AI score: 9.5 | EPSS: 0.00727
Exploits: 0 | References: 1
Cvelist
added 2023/12/20 3:21 p.m., 22 views

CVE-2023-49772 WordPress Genesis Simple Love Plugin <= 2.0 is vulnerable to PHP Object Injection

Deserialization of Untrusted Data vulnerability in Phpbits Creative Studio Genesis Simple Love. This issue affects Genesis Simple Love: from n/a through 2.0...

CVSS: 10 | AI score: 9.7 | EPSS: 0.00727
Exploits: 0 | References: 1