Lucene search

3718 matches found

Prion
added 2023/05/08 2:15 p.m. · 10 views

Design/Logic Flaw

The Customizer Export/Import WordPress plugin before 0.9.6 unserializes user input provided via the settings, which could allow high privilege users such as admin to perform PHP Object Injection when a suitable gadget is present...

5.8 CVSS · 7.1 AI score · 0.16795 EPSS
Exploits: 1 · References: 1 · Affected Software: 1

Prion
added 2023/05/08 2:15 p.m. · 24 views

Design/Logic Flaw

The AI ChatBot WordPress plugin before 4.4.7 unserializes user input from cookies via an AJAX action available to unauthenticated users, which could allow them to perform PHP Object Injection when a suitable gadget is present on the blog...

7.5 CVSS · 9.6 AI score · 0.34351 EPSS
Exploits: 2 · References: 1 · Affected Software: 1

Vulnrichment
added 2023/05/08 1:58 p.m. · 3 views

CVE-2023-1347 Customizer Export/Import < 0.9.6 - Admin+ PHP Object Injection

The Customizer Export/Import WordPress plugin before 0.9.6 unserializes user input provided via the settings, which could allow high privilege users such as admin to perform PHP Object Injection when a suitable gadget is present...

7 AI score · 0.16795 EPSS
Exploits: 1 · References: 1

Cvelist
added 2023/05/08 1:58 p.m. · 13 views

CVE-2023-1347 Customizer Export/Import < 0.9.6 - Admin+ PHP Object Injection

The Customizer Export/Import WordPress plugin before 0.9.6 unserializes user input provided via the settings, which could allow high privilege users such as admin to perform PHP Object Injection when a suitable gadget is present...

7.2 AI score · 0.16795 EPSS
Exploits: 1 · References: 1

CVE
added 2023/05/08 1:58 p.m. · 53 views

CVE-2023-1347

CVE-2023-1347 affects the WordPress plugin Customizer Export/Import (versions before 0.9.6). The issue arises from unserializing user input in settings, enabling PHP Object Injection when a suitable gadget is present. Exploitation requires admin-level privileges, with a high impact as documented....

7.2 CVSS · 7.2 AI score · 0.16795 EPSS
Exploits: 1 · References: 1 · Affected Software: 1

Vulnrichment
added 2023/05/08 1:58 p.m. · 12 views

CVE-2023-1650 ChatBot < 4.4.7 - Unauthenticated PHP Object Injection

The AI ChatBot WordPress plugin before 4.4.7 unserializes user input from cookies via an AJAX action available to unauthenticated users, which could allow them to perform PHP Object Injection when a suitable gadget is present on the blog...

9.8 AI score · 0.34351 EPSS
Exploits: 2 · References: 1

CVE
added 2023/05/08 1:58 p.m. · 76 views

CVE-2023-1650

The CVE-2023-1650 entry concerns the AI ChatBot WordPress plugin (before 4.4.7). The vulnerability arises from unserializing user input stored in cookies via an AJAX action accessible to unauthenticated users, enabling PHP Object Injection if a compatible gadget is present. Affected software: Wor...

9.8 CVSS · 9.8 AI score · 0.34351 EPSS
Exploits: 2 · References: 1 · Affected Software: 1

Patchstack
added 2023/05/08 12:0 a.m. · 8 views

WordPress Otter - Gutenberg Block Plugin < 2.2.6 is vulnerable to PHP Object Injection

Software: Otter - Gutenberg Block Type Plugin · Vulnerable versions: 2.2.6 · Fixed in: 2.2.6 · OWASP Top 10: A1: Injection · Classification: PHP Object Injection · CVE: CVE-2023-2288 · Patch priority: High · CVSS severity: High 6.6 · PSID: a3cf96ddaa2b · Credits: Alex Sanford · Required privilege...

8.8 CVSS · 6.8 AI score · 0.17973 EPSS
Exploits: 2 · References: 4 · Affected Software: 1

Positive Technologies
added 2023/05/08 12:0 a.m. · 4 views

PT-2023-17146 · WordPress · Ai Chatbot

Name of the Vulnerable Software and Affected Versions: AI ChatBot WordPress plugin versions prior to 4.4.7. Description: The issue allows unauthenticated users to perform PHP Object Injection via an AJAX action, potentially exploiting the presence of a suitable gadget on the blog. This is achieved...

9.8 CVSS · 9.6 AI score · 0.34351 EPSS
Exploits: 2 · References: 3

Positive Technologies
added 2023/05/08 12:0 a.m. · 2 views

PT-2023-16916 · WordPress · Customizer Export/Import

Name of the Vulnerable Software and Affected Versions: Customizer Export/Import WordPress plugin versions prior to 0.9.6. Description: The issue allows high privilege users, such as admins, to perform PHP Object Injection when a suitable gadget is present. This is due to the plugin unserializing...

7.2 CVSS · 7.5 AI score · 0.16795 EPSS
Exploits: 1 · References: 3

NVD
added 2023/05/02 9:15 a.m. · 16 views

CVE-2023-1196

The Advanced Custom Fields ACF Free and Pro WordPress plugins 6.x before 6.1.0 and 5.x before 5.12.5 unserialize user controllable data, which could allow users with a role of Contributor and above to perform PHP Object Injection when a suitable gadget is present...

8.8 CVSS · 8.8 AI score · 0.0108 EPSS
Exploits: 3 · References: 2

Prion
added 2023/05/02 9:15 a.m. · 20 views

Design/Logic Flaw

The Advanced Custom Fields ACF Free and Pro WordPress plugins 6.x before 6.1.0 and 5.x before 5.12.5 unserialize user controllable data, which could allow users with a role of Contributor and above to perform PHP Object Injection when a suitable gadget is present...

6.5 CVSS · 8.8 AI score · 0.0108 EPSS
Exploits: 3 · References: 2 · Affected Software: 1

Vulnrichment
added 2023/05/02 8:39 a.m. · 12 views

CVE-2023-1196 Advanced Custom Fields - Contributor+ PHP Object Injection

The Advanced Custom Fields ACF Free and Pro WordPress plugins 6.x before 6.1.0 and 5.x before 5.12.5 unserialize user controllable data, which could allow users with a role of Contributor and above to perform PHP Object Injection when a suitable gadget is present...

8.8 AI score · 0.0108 EPSS
Exploits: 3 · References: 2

Cvelist
added 2023/05/02 8:39 a.m. · 18 views

CVE-2023-1196 Advanced Custom Fields - Contributor+ PHP Object Injection

The Advanced Custom Fields ACF Free and Pro WordPress plugins 6.x before 6.1.0 and 5.x before 5.12.5 unserialize user controllable data, which could allow users with a role of Contributor and above to perform PHP Object Injection when a suitable gadget is present...

9.1 AI score · 0.0108 EPSS
Exploits: 3 · References: 2

CVE
added 2023/05/02 8:39 a.m. · 190 views

CVE-2023-1196

The CVE-2023-1196 entry concerns the Advanced Custom Fields (ACF) Free and Pro WordPress plugins. Affected versions are 5.x before 5.12.5 and 6.x before 6.1.0. The root cause is unserialize of user-controllable data, enabling PHP Object Injection when a suitable gadget is present. Valid risk is t...

8.8 CVSS · 8.8 AI score · 0.0108 EPSS
Exploits: 3 · References: 2 · Affected Software: 1

NVD
added 2023/05/02 8:15 a.m. · 8 views

CVE-2023-1669

The SEOPress WordPress plugin before 6.5.0.3 unserializes user input provided via the settings, which could allow high-privilege users such as admin to perform PHP Object Injection when a suitable gadget is present...

7.2 CVSS · 7.2 AI score · 0.18505 EPSS
Exploits: 2 · References: 1

Prion
added 2023/05/02 8:15 a.m. · 16 views

Design/Logic Flaw

The SEOPress WordPress plugin before 6.5.0.3 unserializes user input provided via the settings, which could allow high-privilege users such as admin to perform PHP Object Injection when a suitable gadget is present...

5.8 CVSS · 7.1 AI score · 0.18505 EPSS
Exploits: 2 · References: 1 · Affected Software: 1

Cvelist
added 2023/05/02 7:4 a.m. · 22 views

CVE-2023-1669 SEOPress < 6.5.0.3 - Admin+ PHP Object Injection

The SEOPress WordPress plugin before 6.5.0.3 unserializes user input provided via the settings, which could allow high-privilege users such as admin to perform PHP Object Injection when a suitable gadget is present...

7.4 AI score · 0.18505 EPSS
Exploits: 2 · References: 1

Vulnrichment
added 2023/05/02 7:4 a.m. · 6 views

CVE-2023-1669 SEOPress < 6.5.0.3 - Admin+ PHP Object Injection

The SEOPress WordPress plugin before 6.5.0.3 unserializes user input provided via the settings, which could allow high-privilege users such as admin to perform PHP Object Injection when a suitable gadget is present...

7.2 AI score · 0.18505 EPSS
Exploits: 2 · References: 1

CVE
added 2023/05/02 7:4 a.m. · 53 views

CVE-2023-1669

CVE-2023-1669 affects the SEOPress WordPress plugin up to version 6.5.0.3. The issue arises from unserializing user input provided through settings, which could allow high-privilege users (e.g., admins) to perform PHP Object Injection when a suitable gadget is present. The vulnerability is confir...

7.2 CVSS · 7.1 AI score · 0.18505 EPSS
Exploits: 2 · References: 1 · Affected Software: 1