Lucene search

3718 matches found

Patchstack
added 2023/05/25 12:0 a.m., 12 views

WordPress Recently Viewed Products Plugin <= 1.0.0 is vulnerable to PHP Object Injection

Software: Recently Viewed Products | Type: Plugin | Vulnerable versions = 1.0.0 | Fixed in: N/A | OWASP Top 10: A1: Injection | Classification: PHP Object Injection | CVE: CVE-2023-34027 | Patch priority: High | CVSS severity: High 8.3 | PSID: 9c6c9d223c96 | Credits: Mika | Required privilege...

CVSS 9.8 | AI score 7.2 | EPSS 0.00768
Exploits: 0 | References: 1 | Affected Software: 1

Patchstack
added 2023/05/25 12:0 a.m., 12 views

WordPress Go Pricing Plugin <= 3.3.19 is vulnerable to PHP Object Injection

Software: Go Pricing | Type: Plugin | Vulnerable versions = 3.3.19 | Fixed in: 3.4 | OWASP Top 10: A1: Injection | Classification: PHP Object Injection | CVE: CVE-2023-2500 | Patch priority: Medium | CVSS severity: Medium 4.9 | PSID: 888d475edb31 | Credits: Lana Codes | Required privilege: Subscriber...

CVSS 8.8 | AI score 6.8 | EPSS 0.00884
Exploits: 0 | References: 2 | Affected Software: 1

Vulnrichment
added 2023/05/24 11:38 p.m., 14 views

CVE-2023-2500 Go Pricing - WordPress Responsive Pricing Tables <= 3.3.19 - Authenticated (Subscriber+) PHP Object Injection

The Go Pricing - WordPress Responsive Pricing Tables plugin for WordPress is vulnerable to PHP Object Injection in versions up to, and including, 3.3.19 via deserialization of untrusted input from the 'gopricing' shortcode 'data' parameter. This allows authenticated attackers, with subscriber-lev...

CVSS 8.8 | AI score 7.4 | EPSS 0.00884
Exploits: 0 | References: 2

Cvelist
added 2023/05/24 11:38 p.m., 19 views

CVE-2023-2500 Go Pricing - WordPress Responsive Pricing Tables <= 3.3.19 - Authenticated (Subscriber+) PHP Object Injection

The Go Pricing - WordPress Responsive Pricing Tables plugin for WordPress is vulnerable to PHP Object Injection in versions up to, and including, 3.3.19 via deserialization of untrusted input from the 'gopricing' shortcode 'data' parameter. This allows authenticated attackers, with subscriber-lev...

CVSS 8.8 | AI score 9 | EPSS 0.00884
Exploits: 0 | References: 2

CVE
added 2023/05/24 11:38 p.m., 53 views

CVE-2023-2500

CVE-2023-2500 affects the Go Pricing - WordPress Responsive Pricing Tables plugin for WordPress (versions ≤ 3.3.19). The vulnerability is PHP Object Injection via deserialization of untrusted input in the go_pricing shortcode data parameter. It requires subscriber-level authentication or higher; ...

CVSS 8.8 | AI score 8.8 | EPSS 0.00884
Exploits: 0 | References: 2 | Affected Software: 1

WPVulnDB
added 2023/05/23 12:0 a.m., 12 views

Go Pricing - WordPress Responsive Pricing Tables < 3.4 - Contributor+ PHP Object Injection via shortcode

The plugin does not sanitize the data parameter of its gopricing shortcode before unserializing it, which could allow users with a role as low as a contributor to perform PHP Object Injection attacks if a suitable gadget chain is found on the site...

CVSS 8.8 | AI score 7.2 | EPSS 0.00884
Exploits: 0 | References: 1 | Affected Software: 1

OpenVAS
added 2023/05/23 12:0 a.m., 14 views

WordPress HUSKY - Products Filter for WooCommerce Professional Plugin < 1.3.2 PHP Object Injection Vulnerability

The WordPress plugin SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:pluginus:husky-productsfilterprofessionalforwoocommerce";...

CVSS 7.2 | AI score 7.1 | EPSS 0.01313
Exploits: 2 | References: 1

OpenVAS
added 2023/05/16 12:0 a.m., 15 views

WordPress Ad Inserter Plugin < 2.7.27 Code Injection Vulnerability

The WordPress plugin SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:adinserterproject:adinserter"; ifdescription...

CVSS 7.2 | AI score 7 | EPSS 0.16903
Exploits: 2 | References: 1

NVD
added 2023/05/15 1:15 p.m., 14 views

CVE-2023-1549

The Ad Inserter WordPress plugin before 2.7.27 unserializes user input provided via the settings, which could allow high privilege users such as admin to perform PHP Object Injection when a suitable gadget is present...

CVSS 7.2 | AI score 7 | EPSS 0.16903
Exploits: 2 | References: 1

Prion
added 2023/05/15 1:15 p.m., 18 views

Design/Logic Flaw

The Ad Inserter WordPress plugin before 2.7.27 unserializes user input provided via the settings, which could allow high privilege users such as admin to perform PHP Object Injection when a suitable gadget is present...

CVSS 5.8 | AI score 7.1 | EPSS 0.16903
Exploits: 2 | References: 1 | Affected Software: 1

Vulnrichment
added 2023/05/15 12:15 p.m., 15 views

CVE-2023-1549 Ad Inserter < 2.7.27 - Admin+ PHP Object Injection

The Ad Inserter WordPress plugin before 2.7.27 unserializes user input provided via the settings, which could allow high privilege users such as admin to perform PHP Object Injection when a suitable gadget is present...

AI score 7.1 | EPSS 0.16903
Exploits: 2 | References: 1

Cvelist
added 2023/05/15 12:15 p.m., 17 views

CVE-2023-1549 Ad Inserter < 2.7.27 - Admin+ PHP Object Injection

The Ad Inserter WordPress plugin before 2.7.27 unserializes user input provided via the settings, which could allow high privilege users such as admin to perform PHP Object Injection when a suitable gadget is present...

AI score 7.2 | EPSS 0.16903
Exploits: 2 | References: 1

CVE
added 2023/05/15 12:15 p.m., 54 views

CVE-2023-1549

The CVE-2023-1549 issue affects the Ad Inserter WordPress plugin prior to version 2.7.27. It involves unserializing user input from the plugin settings, which could enable PHP Object Injection when a suitable gadget is present, potentially allowing high-privilege users (e.g., admins) to leverage ...

CVSS 7.2 | AI score 7.2 | EPSS 0.16903
Exploits: 2 | References: 1 | Affected Software: 1

Patchstack
added 2023/05/15 12:0 a.m., 10 views

WordPress WooCommerce Product Add-ons Plugin <= 6.1.3 is vulnerable to PHP Object Injection

Software: WooCommerce Product Add-ons | Type: Plugin | Vulnerable versions = 6.1.3 | Fixed in: 6.2.0 | OWASP Top 10: A1: Injection | Classification: PHP Object Injection | CVE: CVE-2023-32795 | Patch priority: Medium | CVSS severity: Medium 8.2 | PSID: 8de26d9f8493 | Credits: Rafie Muhammad Patchstac...

CVSS 8.2 | AI score 6.8 | EPSS 0.00672
Exploits: 0 | References: 1 | Affected Software: 1

Patchstack
added 2023/05/11 12:0 a.m., 13 views

WordPress Woodmart Core Plugin <= 1.0.36 is vulnerable to PHP Object Injection

Software: Woodmart Core | Type: Plugin | Vulnerable versions = 1.0.36 | Fixed in: 1.0.37 | OWASP Top 10: A1: Injection | Classification: PHP Object Injection | CVE: CVE-2023-32242 | Patch priority: High | CVSS severity: High 9.8 | Developer: Xtemos | PSID: 779c53b2f97f | Credits: Dave Jong Patchstack | Required privilege...

CVSS 9.8 | AI score 7.2 | EPSS 0.00798
Exploits: 0 | References: 1 | Affected Software: 1

Patchstack
added 2023/05/09 12:0 a.m., 8 views

WordPress GiveWP Plugin <= 2.25.3 is vulnerable to PHP Object Injection

Software: GiveWP | Type: Plugin | Vulnerable versions = 2.25.3 | Fixed in: 2.26.0 | OWASP Top 10: A1: Injection | Classification: PHP Object Injection | CVE: CVE-2023-32513 | Patch priority: High | CVSS severity: High 7.5 | Developer: Liquid Web / StellarWP | PSID: 8e6fd83cfd05 | Credits: Rafie Muhammad Patchstack | Required...

CVSS 9.8 | AI score 6.8 | EPSS 0.00592
Exploits: 0 | References: 2 | Affected Software: 1

OSV
added 2023/05/08 2:15 p.m., 2 views

CVE-2023-1347

The Customizer Export/Import WordPress plugin before 0.9.6 unserializes user input provided via the settings, which could allow high privilege users such as admin to perform PHP Object Injection when a suitable gadget is present...

CVSS 7.2 | AI score 7.2
Exploits: 0 | References: 1

OSV
added 2023/05/08 2:15 p.m., 3 views

CVE-2023-1650

The AI ChatBot WordPress plugin before 4.4.7 unserializes user input from cookies via an AJAX action available to unauthenticated users, which could allow them to perform PHP Object Injection when a suitable gadget is present on the blog...

CVSS 9.8 | AI score 7.3 | EPSS 0.34351
Exploits: 2 | References: 1

NVD
added 2023/05/08 2:15 p.m., 7 views

CVE-2023-1347

The Customizer Export/Import WordPress plugin before 0.9.6 unserializes user input provided via the settings, which could allow high privilege users such as admin to perform PHP Object Injection when a suitable gadget is present...

CVSS 7.2 | AI score 7.1 | EPSS 0.16795
Exploits: 1 | References: 1

NVD
added 2023/05/08 2:15 p.m., 21 views

CVE-2023-1650

The AI ChatBot WordPress plugin before 4.4.7 unserializes user input from cookies via an AJAX action available to unauthenticated users, which could allow them to perform PHP Object Injection when a suitable gadget is present on the blog...

CVSS 9.8 | AI score 9.7 | EPSS 0.34351
Exploits: 2 | References: 1