CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

0day.today•added 2025/01/15 12:0 a.m.•227 views

WordPress ARPrice 4.0.3 PHP Object Injection Vulnerability

CVE-2024-49699 ARPrice...

8.8CVSS8.9AI score0.00728EPSS

Packet Storm•added 2025/01/14 12:0 a.m.•189 views

WordPress ARPrice 4.0.3 PHP Object Injection

WordPress ARPrice plugin versions 4.0.3 and below suffer from an authenticated PHP object injection vulnerability. CVE-2024-49699 ARPrice = 4.0.3 - Authenticated Subscriber+ PHP Object Injection Description The ARPrice plugin for WordPress is vulnerable to PHP Object Injection in versions up to,...

8.8CVSS9AI score0.00728EPSS

Packet Storm•added 2025/01/14 12:0 a.m.•151 views

WordPress VRPConnector 2.0.1 PHP Object Injection

WordPress VRPConnector plugin versions 2.0.1 and below suffer from an unauthenticated PHP object injection vulnerability. CVE-2024-56058 VRPConnector = 2.0.1 - Unauthenticated PHP Object Injection Description The VRPConnector plugin for WordPress is vulnerable to PHP Object Injection in versions ...

9.8CVSS10AI score0.01632EPSS

Packet Storm•added 2025/01/14 12:0 a.m.•184 views

WordPress Partners 0.2.0 PHP Object Injection

WordPress Partners plugin versions 0.2.0 and below suffer from a deserialization vulnerability. CVE-2024-56059 Partners = 0.2.0 - Unauthenticated PHP Object Injection Description The Partners plugin for WordPress is vulnerable to PHP Object Injection in versions up to, and including, 0.2.0 via...

9.8CVSS9.7AI score0.01632EPSS

Exploits2

Cvelist•added 2025/01/13 1:10 p.m.•29 views

CVE-2025-22777 WordPress GiveWP Plugin <= 3.19.3 - PHP Object Injection vulnerability

Deserialization of Untrusted Data vulnerability in StellarWP GiveWP give allows Object Injection.This issue affects GiveWP: from n/a through = 3.19.3...

9.8CVSS0.00909EPSS

Exploits1References1

Vulnrichment•added 2025/01/13 1:10 p.m.•22 views

CVE-2025-22777 WordPress GiveWP Plugin <= 3.19.3 - PHP Object Injection vulnerability

Deserialization of Untrusted Data vulnerability in StellarWP GiveWP give allows Object Injection.This issue affects GiveWP: from n/a through = 3.19.3...

9.8CVSS7.2AI score0.00909EPSS

Exploits1References1

CVE•added 2025/01/13 1:10 p.m.•74 views

CVE-2025-22777

CVE-2025-22777 affects the GiveWP WordPress plugin, vulnerable in versions up to 3.19.3 due to Deserialization of Untrusted Data (PHP Object Injection). The issue enables object injection via the plugin’s logic, with high-severity impact (per reports) including potential remote code execution. A ...

9.8CVSS7.2AI score0.00909EPSS

Exploits1References2Affected Software1

GithubExploit•added 2025/01/13 11:27 a.m.•80 views

Exploit for CVE-2024-56058

CVE-2024-56058 VRPConnector = 2.0.1 - Unauthenticated PHP Obj...

9.8CVSS7.9AI score0.01632EPSS

OSV•added 2025/01/11 8:15 a.m.•2 views

CVE-2024-12877

The GiveWP – Donation Plugin and Fundraising Platform plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 3.19.2 via deserialization of untrusted input from the donation form like 'firstName'. This makes it possible for unauthenticated attackers to...

9.8CVSS7.9AI score0.01246EPSS

NVD•added 2025/01/11 8:15 a.m.•26 views

CVE-2024-12877

9.8CVSS0.01246EPSS

Vulnrichment•added 2025/01/11 7:21 a.m.•15 views

CVE-2024-12877 GiveWP – Donation Plugin and Fundraising Platform <= 3.19.2 - Unauthenticated PHP Object Injection

9.8CVSS8.3AI score0.01246EPSS

Cvelist•added 2025/01/11 7:21 a.m.•30 views

CVE-2024-12877 GiveWP – Donation Plugin and Fundraising Platform <= 3.19.2 - Unauthenticated PHP Object Injection

9.8CVSS0.01246EPSS

CVE•added 2025/01/11 7:21 a.m.•82 views

CVE-2024-12877

CVE-2024-12877 affects GiveWP – Donation Plugin and Fundraising Platform for WordPress (versions up to and including 3.19.2). Root cause: unsafe deserialization of untrusted input from donation forms, enabling PHP Object Injection; the presence of a POP chain can allow deletion of arbitrary files...

9.8CVSS10AI score0.01246EPSS

In wildExploits1References2Affected Software1

NVD•added 2025/01/11 3:15 a.m.•5 views

CVE-2024-12627

The Coupon X: Discount Pop Up, Promo Code Pop Ups, Announcement Pop Up, WooCommerce Popups plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.3.5 via deserialization of untrusted input from post content passed to the captureemail AJAX action. This...

7.5CVSS0.0053EPSS

Cvelist•added 2025/01/11 2:20 a.m.•7 views

CVE-2024-12627 Coupon X: Discount Pop Up, Promo Code Pop Ups, Announcement Pop Up, WooCommerce Popups <= 1.3.5 - Missing Authorization to Authenticated (Contributor+) PHP Object Injection

7.5CVSS0.0053EPSS

Vulnrichment•added 2025/01/11 2:20 a.m.•4 views

CVE-2024-12627 Coupon X: Discount Pop Up, Promo Code Pop Ups, Announcement Pop Up, WooCommerce Popups <= 1.3.5 - Missing Authorization to Authenticated (Contributor+) PHP Object Injection

7.5CVSS7.3AI score0.0053EPSS

CVE•added 2025/01/11 2:20 a.m.•28 views

CVE-2024-12627

CVE-2024-12627 - Coupon X: Discount Pop Up plugin (WordPress) is a PHP Object Injection vulnerability in versions up to 1.3.5, triggered by deserialization of untrusted input in the capture_email AJAX action. Authenticated attackers with Contributor-level access or higher can inject a PHP object....

7.5CVSS7.7AI score0.0053EPSS