3718 matches found
CVE-2023-4402
The Essential Blocks plugin for WordPress is vulnerable to PHP Object Injection in versions up to, and including, 4.2.0 via deserialization of untrusted input in the get_products function. This allows unauthenticated attackers to inject a PHP Object. No POP chain is present in the vulnerable plugi...
Deserialization of untrusted data
The Essential Blocks plugin for WordPress is vulnerable to PHP Object Injection in versions up to, and including, 4.2.0 via deserialization of untrusted input in the get_products function. This allows unauthenticated attackers to inject a PHP Object. No POP chain is present in the vulnerable plugi...
CVE-2023-4402 Essential Blocks <= 4.2.0 - Unauthenticated PHP Object Injection via products
The Essential Blocks plugin for WordPress is vulnerable to PHP Object Injection in versions up to, and including, 4.2.0 via deserialization of untrusted input in the get_products function. This allows unauthenticated attackers to inject a PHP Object. No POP chain is present in the vulnerable plugi...
CVE-2023-4402
The WordPress Essential Blocks plugin (versions up to and including 4.2.0) is affected by a PHP Object Injection via deserialization of untrusted input in the get_products/get_posts path. The vulnerability allows unauthenticated attackers to inject a PHP Object; exploitation may enable deletion o...
PT-2023-29014 · WordPress · Essential Blocks
Name of the Vulnerable Software and Affected Versions: The Essential Blocks plugin for WordPress versions up to, and including, 4.2.0. Description: The issue allows unauthenticated attackers to inject a PHP Object via deserialization of untrusted input in the get_posts function. If a POP chain is...
PT-2023-29071 · WordPress · Essential Blocks
Name of the Vulnerable Software and Affected Versions: The Essential Blocks plugin for WordPress versions up to, and including, 4.2.0. Description: The issue allows unauthenticated attackers to inject a PHP Object via deserialization of untrusted input in the get_products function. This could...
WordPress e2pdf Plugin <= 1.20.18 is vulnerable to PHP Object Injection
Software: e2pdf; Type: Plugin; Vulnerable versions: <= 1.20.18; Fixed in: 1.20.19; OWASP Top 10: A3: Injection; Classification: PHP Object Injection; CVE: CVE-2023-46154; Patch priority: Low; CVSS severity: Low 6.6; Developer: E2Pdf.com; PSID: f89d3fc37d51; Credits: trein; Required privilege: Administrator; Published: 17...
WordPress Themify Ultra Theme <= 7.3.5 is vulnerable to PHP Object Injection
Software: Themify Ultra; Type: Theme; Vulnerable versions: <= 7.3.5; Fixed in: 7.3.6; OWASP Top 10: A1: Injection; Classification: PHP Object Injection; CVE: CVE-2023-46147; Patch priority: High; CVSS severity: High 7.4; PSID: ae279380be0f; Credits: Rafie Muhammad (Patchstack); Required privileg...
WordPress Weaver Xtreme Theme Support Plugin < 6.3.1 is vulnerable to PHP Object Injection
Software: Weaver Xtreme Theme Support; Type: Plugin; Vulnerable versions: < 6.3.1; Fixed in: 6.3.1; OWASP Top 10: A1: Injection; Classification: PHP Object Injection; CVE: CVE-2023-4971; Patch priority: Low; CVSS severity: Low 6.6; PSID: 68d407ee3a34; Credits: Do Xuan Trung; Required privilege...
WordPress NextGEN Gallery Plugin < 3.39 is vulnerable to PHP Object Injection
Software: NextGEN Gallery; Type: Plugin; Vulnerable versions: < 3.39; Fixed in: 3.39; OWASP Top 10: A3: Injection; Classification: PHP Object Injection; CVE: CVE-2023-3154; Patch priority: Low; CVSS severity: Low 6.6; PSID: 2db7a0c70c48; Credits: Linwz from DEVCORE; Required privilege...
WordPress Enable Media Replace Plugin < 4.1.3 PHP Object Injection Vulnerability
The WordPress plugin SPDX-FileCopyrightText: 2023 Greenbone AG. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:shortpixel:enablemediareplace"; if description...
CVE-2023-4971
The Weaver Xtreme Theme Support WordPress plugin before 6.3.1 unserialises the content of an imported file, which could lead to PHP object injection issues when a high privilege user imports a malicious file and a suitable gadget chain is present on the blog...
CVE-2023-4643
The Enable Media Replace WordPress plugin before 4.1.3 unserializes user input via the Remove Background feature, which could allow Author+ users to perform PHP Object Injection when a suitable gadget is present on the blog...
Input validation
The Enable Media Replace WordPress plugin before 4.1.3 unserializes user input via the Remove Background feature, which could allow Author+ users to perform PHP Object Injection when a suitable gadget is present on the blog...
Design/Logic Flaw
The Weaver Xtreme Theme Support WordPress plugin before 6.3.1 unserialises the content of an imported file, which could lead to PHP object injection issues when a high privilege user imports a malicious file and a suitable gadget chain is present on the blog...
CVE-2023-4643 Enable Media Replace < 4.1.3 - Author+ PHP Object Injection
The Enable Media Replace WordPress plugin before 4.1.3 unserializes user input via the Remove Background feature, which could allow Author+ users to perform PHP Object Injection when a suitable gadget is present on the blog...