3718 matches found
WordPress plugin HUSKY 代码问题漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A code issue vulnerability...
CVE-2022-4680
The Revive Old Posts WordPress plugin before 9.0.11 unserializes user input provided via the settings, which could allow high privilege users such as admin to perform PHP Object Injection when a suitable gadget is present...
CVE-2022-4680
The Revive Old Posts WordPress plugin before 9.0.11 unserializes user input provided via the settings, which could allow high privilege users such as admin to perform PHP Object Injection when a suitable gadget is present...
Design/Logic Flaw
The Revive Old Posts WordPress plugin before 9.0.11 unserializes user input provided via the settings, which could allow high privilege users such as admin to perform PHP Object Injection when a suitable gadget is present...
CVE-2022-4680 Revive Old Posts – Social Media Auto Post and Scheduling Plugin < 9.0.11 - PHP Object Injection
The Revive Old Posts WordPress plugin before 9.0.11 unserializes user input provided via the settings, which could allow high privilege users such as admin to perform PHP Object Injection when a suitable gadget is present...
CVE-2022-4680 Revive Old Posts – Social Media Auto Post and Scheduling Plugin < 9.0.11 - PHP Object Injection
The Revive Old Posts WordPress plugin before 9.0.11 unserializes user input provided via the settings, which could allow high privilege users such as admin to perform PHP Object Injection when a suitable gadget is present...
CVE-2022-4680
The CVE-2022-4680 entry concerns the WordPress plugin Revive Old Posts up to version 9.0.10, which unserializes user input from settings, enabling PHP Object Injection when a suitable gadget is present and an administrator can trigger it. Affected version is before 9.0.11; the issue is mitigated ...
WordPress ShopLentor Plugin < 2.5.4 is vulnerable to PHP Object Injection
Software ShopLentor Type Plugin Vulnerable versions 2.5.4 Fixed in 2.5.4 OWASP Top 10 A1: Injection Classification PHP Object Injection CVE CVE-2023-0232 Patch priority High CVSS severity High 5.4 Developer Claim ownership PSID 0065ec87acd5 Credits WPScan Required privilege Unauthenticated...
ShopLentor < 2.5.4 - PHP Object Injection
The plugin unserializes user input from cookies in order to track viewed products and user data, which could lead to PHP Object Injection...
CVE-2022-4323
The Analyticator WordPress plugin before 6.5.6 unserializes user input provided via the settings, which could allow high privilege users such as admin to perform PHP Object Injection when a suitable gadget is present...
CVE-2022-3425
The Analyticator WordPress plugin before 6.5.6 unserializes user input provided via the settings, which could allow high-privilege users such as admin to perform PHP Object Injection when a suitable gadget is present...
CVE-2022-3425
The Analyticator WordPress plugin before 6.5.6 unserializes user input provided via the settings, which could allow high-privilege users such as admin to perform PHP Object Injection when a suitable gadget is present...
Design/Logic Flaw
The Analyticator WordPress plugin before 6.5.6 unserializes user input provided via the settings, which could allow high privilege users such as admin to perform PHP Object Injection when a suitable gadget is present...
CVE-2022-4323 Google Analyticator < 6.5.6 - Admin+ PHP Object Injection
The Analyticator WordPress plugin before 6.5.6 unserializes user input provided via the settings, which could allow high privilege users such as admin to perform PHP Object Injection when a suitable gadget is present...
CVE-2022-4323
CVE-2022-4323 concerns the WordPress plugin Analyticator (up to version 6.5.5; fixed in 6.5.6). The vulnerability arises because the plugin unserializes user input provided via the settings, which can enable PHP Object Injection when a suitable gadget is present. The issue can be triggered by hig...
CVE-2022-4323 Google Analyticator < 6.5.6 - Admin+ PHP Object Injection
The Analyticator WordPress plugin before 6.5.6 unserializes user input provided via the settings, which could allow high privilege users such as admin to perform PHP Object Injection when a suitable gadget is present...
CVE-2022-3425 Google Analyticator < 6.5.6 - Admin+ PHP Object Injection
The Analyticator WordPress plugin before 6.5.6 unserializes user input provided via the settings, which could allow high-privilege users such as admin to perform PHP Object Injection when a suitable gadget is present...
CVE-2022-3425 Google Analyticator < 6.5.6 - Admin+ PHP Object Injection
The Analyticator WordPress plugin before 6.5.6 unserializes user input provided via the settings, which could allow high-privilege users such as admin to perform PHP Object Injection when a suitable gadget is present...
CVE-2022-3425
The CVE-2022-3425 issue affects the WordPress plugin The Analyticator (versions prior to 6.5.6). The vulnerability stems from unserializing user input in the plugin settings, which could let high-privilege users (e.g., administrators) perform PHP Object Injection when a suitable gadget is present...
PT-2023-13351 · WordPress · Analyticator
Name of the Vulnerable Software and Affected Versions: The Analyticator WordPress plugin versions prior to 6.5.6 Description: The issue allows high-privilege users, such as admins, to perform PHP Object Injection when a suitable gadget is present. This is due to the plugin unserializing user inpu...