3726 matches found
CVE-2025-1913
The Product Import Export for WooCommerce – Import Export Product CSV Suite plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 2.5.0 via deserialization of untrusted input from the 'formdata' parameter This makes it possible for authenticated attacker...
CVE-2024-13889
The WordPress Importer plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 0.8.3 via deserialization of untrusted input in the 'maybeunserialize' function. This makes it possible for authenticated attackers, with Administrator-level access and above, t...
CVE-2025-1913 Product Import Export for WooCommerce <= 2.5.0 - Authenticated (Admin+) PHP Object Injection via form_data Parameter
The Product Import Export for WooCommerce – Import Export Product CSV Suite plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 2.5.0 via deserialization of untrusted input from the 'formdata' parameter This makes it possible for authenticated attacker...
CVE-2025-1913 Product Import Export for WooCommerce <= 2.5.0 - Authenticated (Admin+) PHP Object Injection via form_data Parameter
The Product Import Export for WooCommerce – Import Export Product CSV Suite plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 2.5.0 via deserialization of untrusted input from the 'formdata' parameter This makes it possible for authenticated attacker...
CVE-2025-1913
CVE-2025-1913 affects the WordPress plugin Product Import Export for WooCommerce – Import Export Product CSV Suite. The issue is a PHP Object Injection via deserialization of untrusted input in the form_data parameter, exploitable by authenticated administrators and higher. A POP chain is not pre...
CVE-2024-13889
CVE-2024-13889 affects WordPress Importer (WordPress Importer plugin) up to version 0.8.3 via PHP Object Injection in maybe_unserialize. Exploitation requires Administrator+ access and, crucially, a POP chain present from another plugin/theme; without a POP chain, impact is limited. The vulnerabi...
CVE-2024-13889 WordPress Importer <= 0.8.3 - Authenticated (Administrator+) PHP Object Injection
The WordPress Importer plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 0.8.3 via deserialization of untrusted input in the 'maybeunserialize' function. This makes it possible for authenticated attackers, with Administrator-level access and above, t...
CVE-2024-13889 WordPress Importer <= 0.8.3 - Authenticated (Administrator+) PHP Object Injection
The WordPress Importer plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 0.8.3 via deserialization of untrusted input in the 'maybeunserialize' function. This makes it possible for authenticated attackers, with Administrator-level access and above, t...
WordPress Modal 1.5.8 Code Execution / Denial of Service
WordPress Modal plugin versions 1.5.8 and below suffer from remote code execution and denial of service vulnerabilities due to unsafe deserialization. @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@ .:. Exploit Title Wordpress Modal Popup Box Plugin - Multiple Vulnerabilities...
WordPress plugin Product Import Export for WooCommerce 代码问题漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed in the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A code issue vulnerability exists in WordPress...
PT-2025-12884
Name of the Vulnerable Software and Affected Versions Product Import Export for WooCommerce – Import Export Product CSV Suite plugin for WordPress versions up to, and including, 2.5.0 Description The issue allows authenticated attackers with Administrator-level access and above to inject a PHP...
WordPress plugin WordPress Importer 代码问题漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A code issue vulnerability...
CVE-2025-1971
The Export and Import Users and Customers plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 2.6.2 via deserialization of untrusted input from the 'formdata' parameter. This makes it possible for authenticated attackers, with Administrator-level acces...
CVE-2025-0724
The ProfileGrid – User Profiles, Groups and Communities plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 5.9.4.5 via deserialization of untrusted input in the getusermetafieldshtml function. This makes it possible for authenticated attackers, with...
CVE-2024-13921
The Order Export & Order Import for WooCommerce plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 2.6.0 via deserialization of untrusted input from the 'formdata' parameter. This makes it possible for authenticated attackers, with Administrator-level...
CVE-2025-1971
The Export and Import Users and Customers plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 2.6.2 via deserialization of untrusted input from the 'formdata' parameter. This makes it possible for authenticated attackers, with Administrator-level acces...
CVE-2025-1971
The Export and Import Users and Customers plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 2.6.2 via deserialization of untrusted input from the 'formdata' parameter. This makes it possible for authenticated attackers, with Administrator-level acces...
CVE-2025-1971
CVE-2025-1971 affects the WordPress plugin Export and Import Users and Customers (versions up to 2.6.2). The flaw is PHP Object Injection via deserialization of untrusted input from the form_data parameter. It requires an authenticated attacker with Administrator-level access or higher. The impac...
CVE-2025-1971 Export and Import Users and Customers <= 2.6.2 - Authenticated (Admin+) PHP Object Injection via form_data Parameter
The Export and Import Users and Customers plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 2.6.2 via deserialization of untrusted input from the 'formdata' parameter. This makes it possible for authenticated attackers, with Administrator-level acces...
CVE-2025-0724
The ProfileGrid – User Profiles, Groups and Communities plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 5.9.4.5 via deserialization of untrusted input in the getusermetafieldshtml function. This makes it possible for authenticated attackers, with...