WordPress Plugin Five Star Restaurant Menu and Food Ordering Security Vulnerability
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blogging platform developed in PHP that runs on PHP and MySQL servers and supports personal blogs. A WordPress plugin is an...
PT-2023-32059 · WordPress · Five Star Restaurant Menu/Food Ordering
Name of the Vulnerable Software and Affected Versions: Five Star Restaurant Menu and Food Ordering WordPress plugin versions prior to 2.4.11. Description: The issue allows unauthenticated users to perform PHP Object Injection via an AJAX action by unserializing user input. This can be exploited wh...
GHSA-MW2W-2HJ2-FG8Q yiisoft/yii deserializing untrusted user input can lead to remote code execution
Impact: Affected versions of yiisoft/yii are vulnerable to Remote Code Execution (RCE) if the application calls unserialize on arbitrary user input. Patches: Upgrade yiisoft/yii to version 1.1.29 or higher. For more information: See the following links for more details: - Git commit -...
WordPress iLoveIMG Plugin <= 1.0.5 is vulnerable to PHP Object Injection
Software: iLoveIMG · Type: Plugin · Vulnerable versions: <= 1.0.5 · Fixed in: 1.0.6 · OWASP Top 10: A1: Injection · Classification: PHP Object Injection · CVE: N/A · Patch priority: Low · CVSS severity: Low 6.6 · Developer: Claim ownership · PSID: 259c37e12af8 · Credits: Unknown · Required privilege: Administrator · Published: 14...
Welcart e-Commerce < 2.9.5 - Unauthenticated PHP Object Injection
Description: The plugin unserializes user input from cookies, which could allow unauthenticated users to perform PHP Object Injection when a suitable gadget is present on the blog. PoC: To simulate a gadget chain, put the following code in a plugin: class Evil { public function __wakeup() : void...
WordPress Master Slider Pro Plugin <= 3.6.5 is vulnerable to PHP Object Injection
Software: Master Slider Pro · Type: Plugin · Vulnerable versions: <= 3.6.5 · Fixed in: N/A · OWASP Top 10: A3: Injection · Classification: PHP Object Injection · CVE: CVE-2023-47507 · Patch priority: High · CVSS severity: High 7.1 · Developer: Claim ownership · PSID: 6df26bc223e4 · Credits: Rafie Muhammad (Patchstack) · Required...
CVE-2023-5583
The WP Simple Galleries plugin for WordPress is vulnerable to PHP Object Injection in versions up to, and including, 1.34 via deserialization of untrusted input from the 'wpsimplegallery_gallery' post meta via the 'wpsgallery' shortcode. This allows authenticated attackers, with contributor-level...
CVE-2023-5583
CVE-2023-5583 affects WP Simple Galleries for WordPress (≤ v1.34). The vulnerability is a PHP Object Injection via deserialization of untrusted input from the wpsimplegallery_gallery post meta through the wpsgallery shortcode. It requires contributor-level permissions or higher and could enable a...
PT-2023-32195 · WordPress · Wp Simple Galleries
Name of the Vulnerable Software and Affected Versions: WP Simple Galleries plugin for WordPress versions up to, and including, 1.34 Description: The WP Simple Galleries plugin for WordPress is vulnerable to PHP Object Injection via deserialization of untrusted input from the wpsimplegallery galle...
Five Star Restaurant Menu and Food Ordering < 2.4.11 - Unauthenticated PHP Object Injection
Description: The plugin unserializes user input via an AJAX action available to unauthenticated users, allowing them to perform PHP Object Injection when a suitable gadget is present on the blog. PoC: Run the below command in the developer console of the web browser while being on the blog...
WordPress KD Coming Soon Plugin <= 1.7 is vulnerable to PHP Object Injection
Software: KD Coming Soon · Type: Plugin · Vulnerable versions: <= 1.7 · Fixed in: N/A · OWASP Top 10: A3: Injection · Classification: PHP Object Injection · CVE: CVE-2023-46615 · Patch priority: High · CVSS severity: High 5.4 · Developer: Claim ownership · PSID: 340885e1964a · Credits: Mika · Required privilege: Unauthenticated...
CVE-2023-4386
The Essential Blocks plugin for WordPress is vulnerable to PHP Object Injection in versions up to, and including, 4.2.0 via deserialization of untrusted input in the get_posts function. This allows unauthenticated attackers to inject a PHP Object. No POP chain is present in the vulnerable plugin. ...
CVE-2023-4386 Essential Blocks <= 4.2.0 - Unauthenticated PHP Object Injection via queries
The Essential Blocks plugin for WordPress is vulnerable to PHP Object Injection in versions up to, and including, 4.2.0 via deserialization of untrusted input in the get_posts function. This allows unauthenticated attackers to inject a PHP Object. No POP chain is present in the vulnerable plugin. ...
CVE-2023-4386
The CVE-2023-4386 entry concerns the WordPress Essential Blocks plugin (WPDeveloper) with PHP Object Injection due to insecure deserialization in get_posts. Affected versions are up to and including 4.2.0. The vulnerability allows unauthenticated attackers to inject a PHP object via untrusted inp...