3726 matches found
CVE-2025-2376
A vulnerability has been found in viames Pair Framework up to 1.9.11 and classified as critical. Affected by this vulnerability is the function getCookieContent of the file /src/UserRemember.php of the component PHP Object Handler. The manipulation of the argument cookieName leads to...
CVE-2025-2376
Affected product : viames Pair Framework (up to 1.9.11). Vulnerability : The function getCookieContent in /src/UserRemember.php (PHP Object Handler) deserializes data from a cookie after manipulating the cookieName argument, enabling remote exploitation. Impact : Deserialization of untrusted data...
CVE-2025-2376 viames Pair Framework PHP Object UserRemember.php getCookieContent deserialization
A vulnerability has been found in viames Pair Framework up to 1.9.11 and classified as critical. Affected by this vulnerability is the function getCookieContent of the file /src/UserRemember.php of the component PHP Object Handler. The manipulation of the argument cookieName leads to...
CVE-2024-13824
The CiyaShop - Multipurpose WooCommerce Theme theme for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 4.19.0 via deserialization of untrusted input in the 'addciyashopwishlist' and 'ciyashopgetcompare' functions. This makes it possible for unauthenticated...
CVE-2025-26921 WordPress Booking and Rental Manager Plugin <= 2.2.6 - PHP Object Injection vulnerability
Deserialization of Untrusted Data vulnerability in magepeopleteam Booking and Rental Manager booking-and-rental-manager-for-woocommerce allows Object Injection.This issue affects Booking and Rental Manager: from n/a through = 2.2.6...
CVE-2024-10942
The All-in-One WP Migration and Backup plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 7.89 via deserialization of untrusted input in the 'replaceserializedvalues' function. This makes it possible for unauthenticated attackers to inject a PHP Objec...
CVE-2025-1657
The Directory Listings WordPress plugin – uListing plugin for WordPress is vulnerable to unauthorized modification of data and PHP Object Injection due to a missing capability check on the stmlistingajax AJAX action in all versions up to, and including, 2.2.0. This makes it possible for...
CVE-2025-1657
CVE-2025-1657 concerns the Directory Listings WordPress plugin – uListing for WordPress. The Red Hat and NVD entries, plus Wordfence details, state that all versions up to and including 2.1.7 are vulnerable due to a missing capability check on the stm_listing_ajax AJAX action. This allows authent...
CVE-2025-1657 Directory Listings WordPress plugin – uListing <= 2.1.7 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Post Meta Update and PHP Object Injection
The Directory Listings WordPress plugin – uListing plugin for WordPress is vulnerable to unauthorized modification of data and PHP Object Injection due to a missing capability check on the stmlistingajax AJAX action in all versions up to, and including, 2.1.7. This makes it possible for...
CVE-2025-1657 Directory Listings WordPress plugin – uListing <= 2.2.0 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Post Meta Update and PHP Object Injection
The Directory Listings WordPress plugin – uListing plugin for WordPress is vulnerable to unauthorized modification of data and PHP Object Injection due to a missing capability check on the stmlistingajax AJAX action in all versions up to, and including, 2.2.0. This makes it possible for...
CVE-2024-13824
The CiyaShop - Multipurpose WooCommerce Theme theme for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 4.19.0 via deserialization of untrusted input in the 'addciyashopwishlist' and 'ciyashopgetcompare' functions. This makes it possible for unauthenticated...
CVE-2024-13824
The CiyaShop - Multipurpose WooCommerce Theme theme for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 4.19.0 via deserialization of untrusted input in the 'addciyashopwishlist' and 'ciyashopgetcompare' functions. This makes it possible for unauthenticated...
CVE-2024-13824 CiyaShop - Multipurpose WooCommerce Theme <= 4.19.0 - Unauthenticated PHP Object Injection
The CiyaShop - Multipurpose WooCommerce Theme theme for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 4.19.0 via deserialization of untrusted input in the 'addciyashopwishlist' and 'ciyashopgetcompare' functions. This makes it possible for unauthenticated...
CVE-2024-13824 CiyaShop - Multipurpose WooCommerce Theme <= 4.19.0 - Unauthenticated PHP Object Injection
The CiyaShop - Multipurpose WooCommerce Theme theme for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 4.19.0 via deserialization of untrusted input in the 'addciyashopwishlist' and 'ciyashopgetcompare' functions. This makes it possible for unauthenticated...
CVE-2024-13824
CVE-2024-13824 affects the CiyaShop theme for WordPress. It is an unauthenticated PHP Object Injection vulnerability in all versions up to and including 4.19.0, caused by deserialization of untrusted input in the add_ciyashop_wishlist and ciyashop_get_compare functions. Impact requires a POP chai...
WordPress plugin CiyaShop 代码问题漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A code issue...
CVE-2024-10942
The All-in-One WP Migration and Backup plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 7.89 via deserialization of untrusted input in the 'replaceserializedvalues' function. This makes it possible for unauthenticated attackers to inject a PHP Objec...
CVE-2024-10942 All in One WP Migration <= 7.89 - Unauthenticated PHP Object Injection
The All-in-One WP Migration and Backup plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 7.89 via deserialization of untrusted input in the 'replaceserializedvalues' function. This makes it possible for unauthenticated attackers to inject a PHP Objec...
CVE-2024-10942 All in One WP Migration <= 7.89 - Unauthenticated PHP Object Injection
The All-in-One WP Migration and Backup plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 7.89 via deserialization of untrusted input in the 'replaceserializedvalues' function. This makes it possible for unauthenticated attackers to inject a PHP Objec...
CVE-2024-10942
The CVE-2024-10942 entry concerns All-in-One WP Migration and Backup for WordPress (