WordPress plugin Compare Products for WooCommerce 代码问题漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A code issue vulnerability exists in the...

WordPress plugin Custom Product Tabs for WooCommerce 代码问题漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A code issue vulnerability exists in...

WordPress Custom Product Tabs for WooCommerce plugin <= 1.8.5 - Authenticated (Shop Manager+) PHP Object Injection vulnerability

Authenticated Shop Manager+ PHP Object Injection vulnerability discovered by Francesco Carlucci in WordPress Plugin Custom Product Tabs for WooCommerce versions = 1.8.5...

CVE-2024-10957

The UpdraftPlus: WP Backup & Migration Plugin plugin for WordPress is vulnerable to PHP Object Injection in all versions from 1.23.8 to 1.24.11 via deserialization of untrusted input in the 'recursiveunserializedreplace' function. This makes it possible for unauthenticated attackers to inject a P...

CVE-2024-10957 UpdraftPlus: WP Backup & Migration Plugin 1.23.8 - 1.24.11 - Unauthenticated PHP Object Injection

The UpdraftPlus: WP Backup & Migration Plugin plugin for WordPress is vulnerable to PHP Object Injection in all versions from 1.23.8 to 1.24.11 via deserialization of untrusted input in the 'recursiveunserializedreplace' function. This makes it possible for unauthenticated attackers to inject a P...

CVE-2024-10957 UpdraftPlus: WP Backup & Migration Plugin 1.23.8 - 1.24.11 - Unauthenticated PHP Object Injection

The UpdraftPlus: WP Backup & Migration Plugin plugin for WordPress is vulnerable to PHP Object Injection in all versions from 1.23.8 to 1.24.11 via deserialization of untrusted input in the 'recursiveunserializedreplace' function. This makes it possible for unauthenticated attackers to inject a P...

CVE-2024-10957

CVE-2024-10957 affects UpdraftPlus: WP Backup & Migration Plugin (versions 1.23.8–1.24.11). It provides an unauthenticated PHP Object Injection via deserialization in recursive_unserialized_replace. No POP chain is present by default; exploitation requires a POP chain from another plugin/theme in...

CVE-2024-10932

The Backup Migration plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.4.6 via deserialization of untrusted input in the 'recursiveunserializereplace' function. This makes it possible for unauthenticated attackers to inject a PHP Object. The...

CVE-2024-10932 Backup Migration <= 1.4.6 - Unauthenticated PHP Object Injection via 'recursive_unserialize_replace'

The Backup Migration plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.4.6 via deserialization of untrusted input in the 'recursiveunserializereplace' function. This makes it possible for unauthenticated attackers to inject a PHP Object. The...

CVE-2024-10932

CVE-2024-10932 (Backup Migration, WordPress) Vulnerability: unauthenticated PHP Object Injection via deserialization in recursive_unserialize_replace, affecting all versions up to 1.4.6. Exploit can inject a PHP object; when a POP chain is present, an attacker can delete arbitrary files, retrieve...

CVE-2024-10932 Backup Migration <= 1.4.6 - Unauthenticated PHP Object Injection via 'recursive_unserialize_replace'

The Backup Migration plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.4.6 via deserialization of untrusted input in the 'recursiveunserializereplace' function. This makes it possible for unauthenticated attackers to inject a PHP Object. The...

WordPress plugin Backup Migration 代码问题漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A code issue...

WordPress WPGuppy plugin <= 1.1.0 - PHP Object Injection vulnerability

PHP Object Injection vulnerability discovered by l8BL Patchstack Alliance in WordPress Plugin WPGuppy versions = 1.1.0...

CVE-2024-56068 WordPress WP SuperBackup plugin <= 2.3.3 - Subscriber+ PHP Object Injection vulnerability

Deserialization of Untrusted Data vulnerability in azzaroco WP SuperBackup indeed-wp-superbackup.This issue affects WP SuperBackup: from n/a through = 2.3.3...

CVE-2024-56068 WordPress WP SuperBackup plugin <= 2.3.3 - Subscriber+ PHP Object Injection vulnerability

Deserialization of Untrusted Data vulnerability in Azzaroco WP SuperBackup.This issue affects WP SuperBackup: from n/a through 2.3.3...

CVE-2024-56068

CVE-2024-56068 concerns the WordPress WP SuperBackup plugin up to version 2.3.3, where a Deserialization of Untrusted Data flaw enables a Subscriber+ PHP Object Injection vulnerability. Root cause: unsafe deserialization of data in the affected plugin, enabling potential code execution via object...

CVE-2024-12721

The Custom Product Tabs For WooCommerce plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.2.4 via deserialization of untrusted input from the 'wbcustomtabs' parameter. This makes it possible for authenticated attackers, with Shop Manager-level acce...

CVE-2024-12721

The Custom Product Tabs For WooCommerce plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.2.4 via deserialization of untrusted input from the 'wbcustomtabs' parameter. This makes it possible for authenticated attackers, with Shop Manager-level acce...

CVE-2024-12721 Custom Product Tabs For WooCommerce <= 1.2.4 - Authenticated (Shop Manager+) PHP Object Injection

The Custom Product Tabs For WooCommerce plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.2.4 via deserialization of untrusted input from the 'wbcustomtabs' parameter. This makes it possible for authenticated attackers, with Shop Manager-level acce...

CVE-2024-12721 Custom Product Tabs For WooCommerce <= 1.2.4 - Authenticated (Shop Manager+) PHP Object Injection

The Custom Product Tabs For WooCommerce plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.2.4 via deserialization of untrusted input from the 'wbcustomtabs' parameter. This makes it possible for authenticated attackers, with Shop Manager-level acce...