3724 matches found
CVE-2023-40555 WordPress Flatsome Theme <= 3.17.5 is vulnerable to PHP Object Injection
Deserialization of Untrusted Data vulnerability in UX-themes Flatsome | Multi-Purpose Responsive WooCommerce Theme. This issue affects Flatsome | Multi-Purpose Responsive WooCommerce Theme: from n/a through 3.17.5...
CVE-2023-46147 WordPress Themify Ultra Theme <= 7.3.5 is vulnerable to PHP Object Injection
Deserialization of Untrusted Data vulnerability in Themify Themify Ultra. This issue affects Themify Ultra: from n/a through 7.3.5...
CVE-2023-47507 WordPress Master Slider Pro Plugin <= 3.6.5 is vulnerable to PHP Object Injection
Deserialization of Untrusted Data vulnerability in Master Slider Master Slider Pro. This issue affects Master Slider Pro: from n/a through 3.6.5...
CVE-2023-34027 WordPress Recently Viewed Products Plugin <= 1.0.0 is vulnerable to PHP Object Injection
Deserialization of Untrusted Data vulnerability in Rajnish Arora Recently Viewed Products. This issue affects Recently Viewed Products: from n/a through 1.0.0...
CVE-2023-34382 WordPress Dokan Plugin <= 3.7.19 is vulnerable to PHP Object Injection
Deserialization of Untrusted Data vulnerability in weDevs Dokan – Best WooCommerce Multivendor Marketplace Solution – Build Your Own Amazon, eBay, Etsy. This issue affects Dokan – Best WooCommerce Multivendor Marketplace Solution – Build Your Own Amazon, eBay, Etsy: from n/a through 3.7.19...
CVE-2023-37390 WordPress Themesflat Addons For Elementor Plugin <= 2.0.0 is vulnerable to PHP Object Injection
Deserialization of Untrusted Data vulnerability in Themesflat Themesflat Addons For Elementor. This issue affects Themesflat Addons For Elementor: from n/a through 2.0.0...
WordPress plugin Recently Viewed Products Code Issue Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed in the PHP language that supports personal blogs on PHP and MySQL servers. WordPress plugin is an application...
CVE-2023-46154 WordPress e2pdf Plugin <= 1.20.18 is vulnerable to PHP Object Injection
Deserialization of Untrusted Data vulnerability in E2Pdf.Com E2Pdf – Export To Pdf Tool for WordPress. This issue affects E2Pdf – Export To Pdf Tool for WordPress: from n/a through 1.20.18...
CVE-2023-49819 WordPress Structured Content Plugin <= 1.5.3 is vulnerable to PHP Object Injection
Deserialization of Untrusted Data vulnerability in Gordon Böhme, Antonio Leutsch Structured Content JSON-LD wpsc. This issue affects Structured Content JSON-LD wpsc: from n/a through 1.5.3...
Sayfa Sayaç <= 2.6 - Unauthenticated PHP Object Injection
Description: The Sayfa Sayaç plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 2.6 via deserialization of untrusted input. This makes it possible for unauthenticated attackers to inject a PHP Object. No known POP chain is present in the vulnerable...
Soledad < 8.4.2 - Unauthenticated PHP Object Injection
Description: The Soledad theme for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 8.4.1 via deserialization of untrusted input. This makes it possible for unauthenticated attackers to inject a PHP Object. No POP chain is present in the vulnerable theme. If a...
Structured Content < 1.6 - Contributor+ PHP Object Injection
Description: The plugin is vulnerable to PHP Object Injection via deserialization of untrusted input. This makes it possible for attackers, with contributor-level access and above, to inject a PHP Object. No known POP chain is present in the vulnerable plugin. If a POP chain is present via an...
Genesis Simple Love <= 2.0 - Unauthenticated PHP Object Injection
Description: The Genesis Simple Love plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 2.0 via deserialization of untrusted input. This makes it possible for unauthenticated attackers to inject a PHP Object. No known POP chain is present in the...
WordPress Soledad Theme <= 8.4.1 is vulnerable to PHP Object Injection
Software: Soledad; Type: Theme; Vulnerable versions: <= 8.4.1; Fixed in: 8.4.2; OWASP Top 10: A3: Injection; Classification: PHP Object Injection; CVE: CVE-2023-49826; Patch priority: Medium; CVSS severity: Medium 8.1; PSID: c3ecdbf607cb; Credits: Rafie Muhammad Patchstack; Required privilege...
WordPress Structured Content Plugin <= 1.5.3 is vulnerable to PHP Object Injection
Software: Structured Content; Type: Plugin; Vulnerable versions: <= 1.5.3; Fixed in: 1.6; OWASP Top 10: A3: Injection; Classification: PHP Object Injection; CVE: CVE-2023-49819; Patch priority: Low; CVSS severity: Low 7.5; PSID: bffa4eda39b1; Credits: LVT-tholv2k; Required privilege: Contributo...
WordPress Sayfa Sayaç Plugin <= 2.6 is vulnerable to PHP Object Injection
Software: Sayfa Sayaç; Type: Plugin; Vulnerable versions: <= 2.6; Fixed in: N/A; OWASP Top 10: A3: Injection; Classification: PHP Object Injection; CVE: CVE-2023-49778; Patch priority: High; CVSS severity: High 10; PSID: 19c4341a6f7a; Credits: Rafie Muhammad Patchstack; Required privilege...
WordPress BCorp Shortcodes Plugin <= 0.23 is vulnerable to PHP Object Injection
Software: BCorp Shortcodes; Type: Plugin; Vulnerable versions: <= 0.23; Fixed in: N/A; OWASP Top 10: A3: Injection; Classification: PHP Object Injection; CVE: CVE-2023-49773; Patch priority: High; CVSS severity: High 10; PSID: 00a3ca6350c4; Credits: Rafie Muhammad Patchstack; Required privileg...
WordPress Genesis Simple Love Plugin <= 2.0 is vulnerable to PHP Object Injection
Software: Genesis Simple Love; Type: Plugin; Vulnerable versions: <= 2.0; Fixed in: N/A; OWASP Top 10: A3: Injection; Classification: PHP Object Injection; CVE: CVE-2023-49772; Patch priority: High; CVSS severity: High 10; PSID: fa51f08cd8a2; Credits: Rafie Muhammad Patchstack; Required...
CVE-2023-5952
The Welcart e-Commerce WordPress plugin before 2.9.5 unserializes user input from cookies, which could allow unauthenticated users to perform PHP Object Injection when a suitable gadget is present on the blog...