3726 matches found
CVE-2025-0429
The "AI Power: Complete AI Pack" plugin for WordPress is vulnerable to PHP Object Injection in versions up to, and including, 1.8.96 via deserialization of untrusted input from the $form'postcontent' variable through the wpaicgexportaiforms function. This allows authenticated attackers, with...
CVE-2025-0428
The CVE refers to WordPress plugin AI Power: Complete AI Pack (up to version 1.8.96). It is vulnerable to PHP Object Injection via deserialization of untrusted data in $form['post_content'] through wpaicg_export_prompts, exploitable by authenticated admins. There is no POP chain in the plugin its...
CVE-2025-0429
CVE-2025-0429 affects the WordPress plugin AI Power: Complete AI Pack up to version 1.8.96 . The issue is a PHP Object Injection via deserialization of untrusted input from the form field $form['post_content'] inside the function wpaicg_export_ai_forms(). Exploitation requires an authenticated at...
CVE-2025-0429 AI Power: Complete AI Pack <= 1.8.96 - Authenticated (Admin+) PHP Object Injection via wpaicg_export_ai_forms
The "AI Power: Complete AI Pack" plugin for WordPress is vulnerable to PHP Object Injection in versions up to, and including, 1.8.96 via deserialization of untrusted input from the $form'postcontent' variable through the wpaicgexportaiforms function. This allows authenticated attackers, with...
CVE-2025-0428 AI Power: Complete AI Pack <= 1.8.96 - Authenticated (Admin+) PHP Object Injection via wpaicg_export_prompts
The "AI Power: Complete AI Pack" plugin for WordPress is vulnerable to PHP Object Injection in versions up to, and including, 1.8.96 via deserialization of untrusted input from the $form'postcontent' variable through the wpaicgexportprompts function. This allows authenticated attackers, with...
CVE-2025-0429 AI Power: Complete AI Pack <= 1.8.96 - Authenticated (Admin+) PHP Object Injection via wpaicg_export_ai_forms
The "AI Power: Complete AI Pack" plugin for WordPress is vulnerable to PHP Object Injection in versions up to, and including, 1.8.96 via deserialization of untrusted input from the $form'postcontent' variable through the wpaicgexportaiforms function. This allows authenticated attackers, with...
CVE-2025-0428 AI Power: Complete AI Pack <= 1.8.96 - Authenticated (Admin+) PHP Object Injection via wpaicg_export_prompts
The "AI Power: Complete AI Pack" plugin for WordPress is vulnerable to PHP Object Injection in versions up to, and including, 1.8.96 via deserialization of untrusted input from the $form'postcontent' variable through the wpaicgexportprompts function. This allows authenticated attackers, with...
WordPress plugin AI Power 代码问题漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform supports personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A code issue vulnerability...
WordPress AI Power: Complete AI Pack plugin <= 1.8.96 - Authenticated (Admin+) PHP Object Injection vulnerability
Authenticated Admin+ PHP Object Injection vulnerability discovered by Tran Anh Duc in WordPress Plugin GPT3 AI Content Writer versions = 1.8.96...
CVE-2024-49699 WordPress ARPrice plugin <= 4.1.3 - PHP Object Injection vulnerability
Deserialization of Untrusted Data vulnerability in reputeinfosystems ARPrice arprice allows Object Injection.This issue affects ARPrice: from n/a through = 4.1.3...
CVE-2024-49699
The CVE-2024-49699 entry refers to a PHP object-injection vulnerability in the WordPress ARPrice plugin. Affected versions are n/a up to 4.0.3 (and related reports mention
CVE-2024-49699 WordPress ARPrice plugin <= 4.1.3 - PHP Object Injection vulnerability
Deserialization of Untrusted Data vulnerability in reputeinfosystems ARPrice arprice allows Object Injection.This issue affects ARPrice: from n/a through = 4.1.3...
CVE-2024-10936
The String locator plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 2.6.6 via deserialization of untrusted input in the 'recursiveunserializereplace' function. This makes it possible for unauthenticated attackers to inject a PHP Object. No known POP...
CVE-2024-10936 String Locator <= 2.6.6 - Unauthenticated PHP Object Injection
The String locator plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 2.6.6 via deserialization of untrusted input in the 'recursiveunserializereplace' function. This makes it possible for unauthenticated attackers to inject a PHP Object. No known POP...
CVE-2024-10936 String Locator <= 2.6.6 - Unauthenticated PHP Object Injection
The String locator plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 2.6.6 via deserialization of untrusted input in the 'recursiveunserializereplace' function. This makes it possible for unauthenticated attackers to inject a PHP Object. No known POP...
CVE-2024-10936
CVE-2024-10936 relates to the WordPress String Locator plugin (versions up to 2.6.6). The vulnerability enables unauthenticated PHP Object Injection via deserialization in the recursive_unserialize_replace function. If a POP chain exists through another plugin/theme, an attacker could delete arbi...
WordPress aDirectory plugin <= 1.6.5 - Unauthenticated PHP Object Injection vulnerability
Unauthenticated PHP Object Injection vulnerability discovered by - in WordPress Plugin aDirectory versions = 1.6.5...
PT-2025-1615 · WordPress · String Locator
Name of the Vulnerable Software and Affected Versions: String Locator plugin for WordPress versions up to 2.6.6 Description: The String Locator plugin for WordPress is vulnerable to PHP Object Injection due to the deserialization of untrusted input in the recursive unserialize replace function...
WordPress FundPress plugin <= 2.0.6 - PHP Object Injection vulnerability
PHP Object Injection vulnerability discovered by Le Ngoc Anh in WordPress Plugin FundPress versions = 2.0.6...
WordPress Quick Count Plugin <= 3.00 - PHP Object Injection vulnerability
PHP Object Injection vulnerability discovered by João Pedro S Alcântara Kinorth in WordPress Plugin Quick Count versions = 3.00...