3726 matches found
CVE-2024-13636
Rejected reason: REJECT DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2024-24926. Reason: This candidate is a reservation duplicate of CVE-2024-24926. Notes: All CVE users should reference CVE-2024-24926 instead of this candidate. All references and descriptions in this candidate have been...
CVE-2024-13636
CVE-2024-13636 is rejected/not used and does not represent an active vulnerability entry.
CVE-2024-13636
...
CVE-2024-13636
...
CVE-2024-13556
The Affiliate Links: WordPress Plugin for Link Cloaking and Link Management plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 3.0.1 via deserialization of untrusted input from an file export. This makes it possible for unauthenticated attackers to...
CVE-2024-13556
The Affiliate Links: WordPress Plugin for Link Cloaking and Link Management plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 3.0.1 via deserialization of untrusted input from an file export. This makes it possible for unauthenticated attackers to...
CVE-2024-13556 Affiliate Links: WordPress Plugin for Link Cloaking and Link Management <= 3.0.1 - Missing Authorization to Unauthenticated Import/Export and PHP Object Injection
The Affiliate Links: WordPress Plugin for Link Cloaking and Link Management plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 3.0.1 via deserialization of untrusted input from an file export. This makes it possible for unauthenticated attackers to...
CVE-2024-13556
CVE-2024-13556 affects the WordPress plugin “Affiliate Links: WordPress Plugin for Link Cloaking and Link Management.” The vulnerability is a PHP Object Injection via deserialization of untrusted input from a file export, affecting all versions up to 3.0.1. An unauthenticated attacker could injec...
CVE-2024-13556 Affiliate Links: WordPress Plugin for Link Cloaking and Link Management <= 3.0.1 - Missing Authorization to Unauthenticated Import/Export and PHP Object Injection
The Affiliate Links: WordPress Plugin for Link Cloaking and Link Management plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 3.0.1 via deserialization of untrusted input from an file export. This makes it possible for unauthenticated attackers to...
WordPress plugin Affiliate Links 安全漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability...
WordPress Affiliate Links plugin <= 3.0.1 - Missing Authorization to Unauthenticated Import/Export and PHP Object Injection vulnerability
Missing Authorization to Unauthenticated Import/Export and PHP Object Injection vulnerability discovered by Lucio Sá in WordPress Plugin Affiliate Links Lite versions = 3.0.1...
CVE-2024-12562
The s2Member Pro plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 241216 via deserialization of untrusted input from the 's2memberproremoteop' vulnerable parameter. This makes it possible for unauthenticated attackers to inject a PHP Object. No know...
CVE-2024-12562
The s2Member Pro plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 241216 via deserialization of untrusted input from the 's2memberproremoteop' vulnerable parameter. This makes it possible for unauthenticated attackers to inject a PHP Object. No know...
CVE-2024-12562
The s2Member Pro plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 241216 via deserialization of untrusted input from the 's2memberproremoteop' vulnerable parameter. This makes it possible for unauthenticated attackers to inject a PHP Object. No know...
CVE-2024-12562 s2Member Pro <= 241216 - Unauthenticated PHP Object Injection
The s2Member Pro plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 241216 via deserialization of untrusted input from the 's2memberproremoteop' vulnerable parameter. This makes it possible for unauthenticated attackers to inject a PHP Object. No know...
CVE-2024-12562 s2Member Pro <= 241216 - Unauthenticated PHP Object Injection
The s2Member Pro plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 241216 via deserialization of untrusted input from the 's2memberproremoteop' vulnerable parameter. This makes it possible for unauthenticated attackers to inject a PHP Object. No know...
CVE-2024-12562
The CVE-2024-12562 entry concerns the WordPress s2Member Pro plugin (versions up to 241216) and describes a PHP Object Injection via deserialization of untrusted input from the s2member_pro_remote_op parameter. The issue allows unauthenticated attackers to inject a PHP Object. The vulnerability i...
CVE-2024-13770
The Puzzles | WP Magazine / Review with Store WordPress Theme + RTL theme for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 4.2.4 via deserialization of untrusted input 'viewmoreposts' AJAX action. This makes it possible for unauthenticated attackers to...
PT-2025-6522 · WordPress · S2Member Pro
Name of the Vulnerable Software and Affected Versions: s2Member Pro plugin for WordPress versions up to, and including, 241216 Description: The s2Member Pro plugin for WordPress is vulnerable to PHP Object Injection via deserialization of untrusted input from the s2member pro remote op parameter...
WordPress s2Member Pro plugin <= 241216 - Unauthenticated PHP Object Injection vulnerability
Unauthenticated PHP Object Injection vulnerability discovered by István Márton in WordPress Plugin s2Member versions = 241216...