Lucene search

3718 matches found

Prion
added 2023/01/09 11:15 p.m. · 18 views

Design/Logic Flaw

The WPtouch WordPress plugin before 4.3.45 unserialises the content of an imported settings file, which could lead to PHP object injection issues when a user imports, intentionally or not, a malicious settings file and a suitable gadget chain is present on the blog...

CVSS 6.8 · AI score 8.6 · EPSS 0.00922
Exploits: 1 · References: 1 · Affected Software: 1

Prion
added 2023/01/09 11:15 p.m. · 13 views

Design/Logic Flaw

The Starter Templates by Kadence WP WordPress plugin before 1.2.17 unserialises the content of an imported file, which could lead to PHP object injection issues when an admin imports, intentionally or not, a malicious file and a suitable gadget chain is present on the blog...

CVSS 6.8 · AI score 8.8 · EPSS 0.00922
Exploits: 2 · References: 1 · Affected Software: 1

Prion
added 2023/01/09 11:15 p.m. · 13 views

Design/Logic Flaw

The WP Custom Admin Interface WordPress plugin before 7.29 unserializes user input provided via the settings, which could allow high-privilege users such as admin to perform PHP Object Injection when a suitable gadget is present...

CVSS 5.8 · AI score 7.1 · EPSS 0.17686
Exploits: 2 · References: 1 · Affected Software: 1

Vulnrichment
added 2023/01/09 10:13 p.m. · 4 views

CVE-2022-3679 Starter Templates by Kadence WP < 1.2.17 - Admin+ PHP Object Injection

The Starter Templates by Kadence WP WordPress plugin before 1.2.17 unserialises the content of an imported file, which could lead to PHP object injection issues when an admin imports, intentionally or not, a malicious file and a suitable gadget chain is present on the blog...

AI score 8.9 · EPSS 0.00922
Exploits: 2 · References: 1

Cvelist
added 2023/01/09 10:13 p.m. · 22 views

CVE-2022-3679 Starter Templates by Kadence WP < 1.2.17 - Admin+ PHP Object Injection

The Starter Templates by Kadence WP WordPress plugin before 1.2.17 unserialises the content of an imported file, which could lead to PHP object injection issues when an admin imports, intentionally or not, a malicious file and a suitable gadget chain is present on the blog...

AI score 9.1 · EPSS 0.00922
Exploits: 2 · References: 1

CVE
added 2023/01/09 10:13 p.m. · 67 views

CVE-2022-3679

CVE-2022-3679 affects the WordPress plugin Starter Templates by Kadence WP prior to version 1.2.17. The issue arises from unserialising the content of an imported file, enabling PHP object injection when an admin imports a malicious file and a suitable gadget chain exists on the blog. Impact is d...

CVSS 8.8 · AI score 8.9 · EPSS 0.00922
Exploits: 2 · References: 1 · Affected Software: 1

Vulnrichment
added 2023/01/09 10:13 p.m. · 5 views

CVE-2022-3417 WPtouch < 4.3.45 - Admin+ PHP Object Injection

The WPtouch WordPress plugin before 4.3.45 unserialises the content of an imported settings file, which could lead to PHP object injection issues when a user imports, intentionally or not, a malicious settings file and a suitable gadget chain is present on the blog...

AI score 8.8 · EPSS 0.00922
Exploits: 1 · References: 1

Cvelist
added 2023/01/09 10:13 p.m. · 25 views

CVE-2022-3417 WPtouch < 4.3.45 - Admin+ PHP Object Injection

The WPtouch WordPress plugin before 4.3.45 unserialises the content of an imported settings file, which could lead to PHP object injection issues when a user imports, intentionally or not, a malicious settings file and a suitable gadget chain is present on the blog...

AI score 8.9 · EPSS 0.00922
Exploits: 1 · References: 1

Vulnrichment
added 2023/01/09 10:13 p.m. · 4 views

CVE-2022-4043 WP Custom Admin Interface < 7.29 - Admin+ PHP Object Injection

The WP Custom Admin Interface WordPress plugin before 7.29 unserializes user input provided via the settings, which could allow high-privilege users such as admin to perform PHP Object Injection when a suitable gadget is present...

AI score 7.1 · EPSS 0.17686
Exploits: 2 · References: 1

Cvelist
added 2023/01/09 10:13 p.m. · 25 views

CVE-2022-4043 WP Custom Admin Interface < 7.29 - Admin+ PHP Object Injection

The WP Custom Admin Interface WordPress plugin before 7.29 unserializes user input provided via the settings, which could allow high-privilege users such as admin to perform PHP Object Injection when a suitable gadget is present...

AI score 7.3 · EPSS 0.17686
Exploits: 2 · References: 1

Positive Technologies
added 2023/01/09 12:0 a.m. · 2 views

PT-2023-13789 · WordPress · Wp Custom Admin Interface

Name of the Vulnerable Software and Affected Versions: WP Custom Admin Interface WordPress plugin versions prior to 7.29
Description: The issue allows high privilege users, such as admins, to perform PHP Object Injection when a suitable gadget is present. This is due to the plugin unserializing...

CVSS 7.2 · AI score 7 · EPSS 0.17686
Exploits: 2 · References: 3

Positive Technologies
added 2023/01/09 12:0 a.m. · 3 views

PT-2023-13501 · Kadence Wp · The Starter Templates By Kadence Wp

Name of the Vulnerable Software and Affected Versions: The Starter Templates by Kadence WP WordPress plugin versions prior to 1.2.17
Description: The issue arises from the unserialization of the content of an imported file, potentially leading to PHP object injection issues. This can occur when a...

CVSS 8.8 · AI score 8.8 · EPSS 0.00922
Exploits: 2 · References: 4

WPVulnDB
added 2023/01/04 12:0 a.m. · 16 views

Revive Old Posts – Social Media Auto Post and Scheduling Plugin < 9.0.11 - PHP Object Injection

The plugin unserializes user input provided via the settings, which could allow high privilege users such as admin to perform PHP Object Injection when a suitable gadget is present. PoC To simulate a gadget chain, put the following code in a plugin: class Evil public function wakeup : void...

CVSS 7.2 · AI score 1.9 · EPSS 0.01046
Exploits: 2 · Affected Software: 1

Patchstack
added 2023/01/04 12:0 a.m. · 15 views

WordPress Revive Old Posts Plugin < 9.0.11 is vulnerable to PHP Object Injection

Software: Revive Old Posts · Type: Plugin · Vulnerable versions: 9.0.11 · Fixed in: 9.0.11 · OWASP Top 10: A1: Injection · Classification: PHP Object Injection · CVE: CVE-2022-4680 · Patch priority: Low · CVSS severity: Low 4.4 · Developer: Claim ownership · PSID: a37521b3e635 · Credits: Nguyen Huu Do · Required privilege...

CVSS 7.2 · AI score 6.8 · EPSS 0.01046
Exploits: 2 · References: 3 · Affected Software: 1

OpenVAS
added 2023/01/03 12:0 a.m. · 13 views

WordPress White Label CMS Plugin < 2.5 PHP Object Injection Vulnerability

The WordPress plugin SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:videousermanuals:whitelabelcms"; ifdescription...

CVSS 7.2 · AI score 7.1 · EPSS 0.17686
Exploits: 2 · References: 1

OSV
added 2023/01/02 10:15 p.m. · 2 views

CVE-2022-4302

The White Label CMS WordPress plugin before 2.5 unserializes user input provided via the settings, which could allow high-privilege users such as admin to perform PHP Object Injection when a suitable gadget is present...

CVSS 7.2 · AI score 5.8 · EPSS 0.17686
Exploits: 2 · References: 1

NVD
added 2023/01/02 10:15 p.m. · 18 views

CVE-2022-4302

The White Label CMS WordPress plugin before 2.5 unserializes user input provided via the settings, which could allow high-privilege users such as admin to perform PHP Object Injection when a suitable gadget is present...

CVSS 7.2 · AI score 7.2 · EPSS 0.17686
Exploits: 2 · References: 1

NVD
added 2023/01/02 10:15 p.m. · 13 views

CVE-2022-4324

The Custom Field Template WordPress plugin before 2.5.8 unserialises the content of an imported file, which could lead to PHP object injection issues when a high-privilege user imports, intentionally or not, a malicious Customizer Styling file and a suitable gadget chain is present on the blog...

CVSS 7.2 · AI score 7 · EPSS 0.17686
Exploits: 1 · References: 1

Prion
added 2023/01/02 10:15 p.m. · 16 views

Design/Logic Flaw

The White Label CMS WordPress plugin before 2.5 unserializes user input provided via the settings, which could allow high-privilege users such as admin to perform PHP Object Injection when a suitable gadget is present...

CVSS 5.8 · AI score 7.1 · EPSS 0.17686
Exploits: 2 · References: 1 · Affected Software: 1

Prion
added 2023/01/02 10:15 p.m. · 24 views

Design/Logic Flaw

The Custom Field Template WordPress plugin before 2.5.8 unserialises the content of an imported file, which could lead to PHP object injection issues when a high-privilege user imports, intentionally or not, a malicious Customizer Styling file and a suitable gadget chain is present on the blog...

CVSS 5.8 · AI score 6.9 · EPSS 0.17686
Exploits: 1 · References: 1 · Affected Software: 1