3726 matches found
WordPress plugin All-in-One WP Migration and Backup code issue vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers running PHP and MySQL. WordPress plugin is an application plugin. A code issue vulnerability exists i...
CVE-2024-13906
The Gallery by BestWebSoft – Customizable Image and Photo Galleries for WordPress plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 4.7.3 via deserialization of untrusted input in the 'importgalleryfromcsv' function. This makes it possible for...
CVE-2025-0956
The WooCommerce Recover Abandoned Cart plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 24.4.0 via deserialization of untrusted input from the 'raccookieguestemail' cookie. This makes it possible for unauthenticated attackers to inject a PHP Object...
CVE-2024-13777
The ZoomSounds - WordPress Wave Audio Player with Playlist plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 6.91 via deserialization of untrusted input from the 'margs' parameter. This makes it possible for unauthenticated attackers to inject a PHP...
CVE-2024-13787
The VEDA - MultiPurpose WordPress Theme theme for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 4.2 via deserialization of untrusted input in the 'veda_backup_and_restore_action' function. This makes it possible for authenticated attackers, with Subscriber-leve...
CVE-2024-13906 Gallery by BestWebSoft – Customizable Image and Photo Galleries for WordPress <= 4.7.3 - Authenticated (Administrator+) PHP Object Injection
The Gallery by BestWebSoft – Customizable Image and Photo Galleries for WordPress plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 4.7.3 via deserialization of untrusted input in the 'importgalleryfromcsv' function. This makes it possible for...
CVE-2024-13906
The CVE-2024-13906 entry pertains to Gallery by BestWebSoft – Customizable Image and Photo Galleries for WordPress (WordPress plugin) versions
WordPress plugin Gallery by BestWebSoft code issue vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed in the PHP language. The platform supports personal blog sites on PHP and MySQL servers. WordPress plugin is an application plugin. A code issue vulnerability exists in WordPres...
WordPress Gallery by BestWebSoft – Customizable Image and Photo Galleries for WordPress plugin <= 4.7.3 - Authenticated (Administrator+) PHP Object Injection vulnerability
Authenticated Administrator+ PHP Object Injection vulnerability discovered by Hoang Phuc Vo HrxKnight in WordPress Plugin Gallery versions <= 4.7.3...
CVE-2025-0912
The Donations Widget plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 3.19.4 via deserialization of untrusted input from the Donation Form through the 'cardaddress' parameter. This makes it possible for unauthenticated attackers to inject a PHP...
CVE-2024-13787 VEDA - MultiPurpose WordPress Theme <= 4.2 - Authenticated (Subscriber+) PHP Object Injection
The VEDA - MultiPurpose WordPress Theme theme for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 4.2 via deserialization of untrusted input in the 'veda_backup_and_restore_action' function. This makes it possible for authenticated attackers, with Subscriber-leve...
CVE-2024-13787
CVE-2024-13787 affects VEDA – MultiPurpose WordPress Theme up to version 4.2. It is vulnerable to PHP Object Injection via deserialization in veda_backup_and_restore_action. Exploitation requires authenticated access (Subscriber+) and the base vulnerability has no POP chain in the theme itself; a...
CVE-2024-13777 ZoomSounds - WordPress Wave Audio Player with Playlist <= 6.91 - Unauthenticated PHP Object Injection
The ZoomSounds - WordPress Wave Audio Player with Playlist plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 6.91 via deserialization of untrusted input from the 'margs' parameter. This makes it possible for unauthenticated attackers to inject a PHP...
CVE-2024-13777
The CVE-2024-13777 entry covers ZoomSounds – WordPress Wave Audio Player with Playlist (WordPress plugin) up to version 6.91. It is vulnerable to PHP Object Injection via deserialization of untrusted input in the margs parameter, allowing unauthenticated attackers to inject a PHP object. The base...