3726 matches found
CVE-2024-13831
The Tabs for WooCommerce plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.0.0 via deserialization of untrusted input in the 'producthascustomtabs' function. This makes it possible for authenticated attackers, with Shop Manager-level access and...
CVE-2024-13833
The Album Gallery – WordPress Gallery plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.6.3 via deserialization of untrusted input from gallery meta. This makes it possible for authenticated attackers, with Editor-level access and above, to inject ...
CVE-2024-13833 Album Gallery – WordPress Gallery <= 1.6.3 - Authenticated (Editor+) PHP Object Injection via Gallery Meta
The Album Gallery – WordPress Gallery plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.6.3 via deserialization of untrusted input from gallery meta. This makes it possible for authenticated attackers, with Editor-level access and above, to inject ...
CVE-2024-13833 Album Gallery – WordPress Gallery <= 1.6.3 - Authenticated (Editor+) PHP Object Injection via Gallery Meta
The Album Gallery – WordPress Gallery plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.6.3 via deserialization of untrusted input from gallery meta. This makes it possible for authenticated attackers, with Editor-level access and above, to inject ...
CVE-2024-13833
CVE-2024-13833: Album Gallery – WordPress Gallery plugin vulnerable to authenticated PHP Object Injection via gallery meta in all versions
WordPress Album Gallery – WordPress Gallery plugin <= 1.6.3 - Authenticated (Editor+) PHP Object Injection via Gallery Meta vulnerability
Authenticated Editor+ PHP Object Injection via Gallery Meta vulnerability discovered by Francesco Carlucci in WordPress Plugin Album Gallery – WordPress Gallery versions = 1.6.3...
CVE-2024-13831
The Tabs for WooCommerce plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.0.0 via deserialization of untrusted input in the 'producthascustomtabs' function. This makes it possible for authenticated attackers, with Shop Manager-level access and...
CVE-2024-13831 Tabs for WooCommerce <= 1.0.0 - Authentiated (Shop Manager+) PHP Object Injection in product_has_custom_tabs
The Tabs for WooCommerce plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.0.0 via deserialization of untrusted input in the 'producthascustomtabs' function. This makes it possible for authenticated attackers, with Shop Manager-level access and...
CVE-2024-13831 Tabs for WooCommerce <= 1.0.0 - Authentiated (Shop Manager+) PHP Object Injection in product_has_custom_tabs
The Tabs for WooCommerce plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.0.0 via deserialization of untrusted input in the 'producthascustomtabs' function. This makes it possible for authenticated attackers, with Shop Manager-level access and...
CVE-2024-13831
CVE-2024-13831 concerns Tabs for WooCommerce (WordPress)
CVE-2025-26900 WordPress Flexmls® IDX Plugin Plugin <= 3.14.27 - PHP Object Injection vulnerability
Deserialization of Untrusted Data vulnerability in flexmls Flexmls® IDX flexmls-idx allows Object Injection.This issue affects Flexmls® IDX: from n/a through = 3.14.27...
Drupal 11.1.x < 11.1.3 Multiple Vulnerabilities
According to its self-reported version number, the detected Drupal application is affected by multiple vulnerabilities : - Drupal core doesn't sufficiently filter error messages under certain circumstances, leading to a reflected Cross Site Scripting vulnerability XSS. - Bulk operations allow...
Drupal 11.0.x < 11.0.12 Multiple Vulnerabilities
According to its self-reported version number, the detected Drupal application is affected by multiple vulnerabilities : - Drupal core doesn't sufficiently filter error messages under certain circumstances, leading to a reflected Cross Site Scripting vulnerability XSS. - Bulk operations allow...
Drupal 10.4.x < 10.4.3 Multiple Vulnerabilities
According to its self-reported version number, the detected Drupal application is affected by multiple vulnerabilities : - Drupal core doesn't sufficiently filter error messages under certain circumstances, leading to a reflected Cross Site Scripting vulnerability XSS. - Bulk operations allow...
Drupal 8.0.x < 10.3.13 Multiple Vulnerabilities
According to its self-reported version number, the detected Drupal application is affected by multiple vulnerabilities : - Drupal core doesn't sufficiently filter error messages under certain circumstances, leading to a reflected Cross Site Scripting vulnerability XSS. - Bulk operations allow...
CVE-2024-13899
The Mambo Importer plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.0 via deserialization of untrusted input via the $data parameter in the fImportMenu function. This makes it possible for authenticated attackers, with Administrator-level access a...
WordPress ProfileGrid Plugin <= 5.9.4.3 - PHP Object Injection vulnerability
PHP Object Injection vulnerability discovered by Phat RiO - Fore-Z co.ltd in WordPress Plugin ProfileGrid versions = 5.9.4.3...
WordPress Events Calendar for GeoDirectory plugin <= 2.3.14 - PHP Object Injection vulnerability
PHP Object Injection vulnerability discovered by Tran Nguyen Bao KhanhVCI - VNPT in WordPress Plugin Events Calendar for GeoDirectory versions = 2.3.14...
WordPress Flexmls® IDX Plugin Plugin <= 3.14.27 - PHP Object Injection vulnerability
PHP Object Injection vulnerability discovered by Phat RiO - Fore-Z co.ltd in WordPress Plugin Flexmls® IDX versions = 3.14.27...
CVE-2025-26763 WordPress Slider, Gallery, and Carousel by MetaSlider – Image Slider, Video Slider Plugin <= 3.94.0 - PHP Object Injection vulnerability
Deserialization of Untrusted Data vulnerability in MetaSlider Responsive Slider by MetaSlider ml-slider allows Object Injection.This issue affects Responsive Slider by MetaSlider: from n/a through = 3.94.0...