3753 matches found
CVE-2024-11465
The Custom Product Tabs for WooCommerce plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.8.5 via deserialization of untrusted input in the 'yikeswooproductstabs' post meta parameter. This makes it possible for authenticated attackers, with Shop...
CVE-2024-12313 Compare Products for WooCommerce <= 3.2.1 - Unauthenticated PHP Object Injection
The Compare Products for WooCommerce plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 3.2.1 via deserialization of untrusted input from the 'woocomparelist' cookie. This makes it possible for unauthenticated attackers to inject a PHP Object. No know...
CVE-2024-12313 Compare Products for WooCommerce <= 3.2.1 - Unauthenticated PHP Object Injection
The Compare Products for WooCommerce plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 3.2.1 via deserialization of untrusted input from the 'woocomparelist' cookie. This makes it possible for unauthenticated attackers to inject a PHP Object. No know...
CVE-2024-12313
CVE-2024-12313 : The Compare Products for WooCommerce plugin for WordPress is vulnerable to unauthenticated PHP Object Injection in all versions up to 3.2.1 via deserialization of untrusted input from the woo_compare_list cookie. The vulnerability allows an attacker to inject a PHP Object. The de...
CVE-2024-11465 Custom Product Tabs for WooCommerce <= 1.8.5 - Authenticated (Shop Manager+) PHP Object Injection
The Custom Product Tabs for WooCommerce plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.8.5 via deserialization of untrusted input in the 'yikeswooproductstabs' post meta parameter. This makes it possible for authenticated attackers, with Shop...
CVE-2024-11465
CVE-2024-11465 affects the Custom Product Tabs for WooCommerce plugin for WordPress (
CVE-2024-11465 Custom Product Tabs for WooCommerce <= 1.8.5 - Authenticated (Shop Manager+) PHP Object Injection
The Custom Product Tabs for WooCommerce plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.8.5 via deserialization of untrusted input in the 'yikeswooproductstabs' post meta parameter. This makes it possible for authenticated attackers, with Shop...
WordPress plugin Compare Products for WooCommerce 代码问题漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A code issue vulnerability exists in the...
WordPress plugin Custom Product Tabs for WooCommerce 代码问题漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A code issue vulnerability exists in...
WordPress Custom Product Tabs for WooCommerce plugin <= 1.8.5 - Authenticated (Shop Manager+) PHP Object Injection vulnerability
Authenticated Shop Manager+ PHP Object Injection vulnerability discovered by Francesco Carlucci in WordPress Plugin Custom Product Tabs for WooCommerce versions = 1.8.5...
CVE-2024-10957
The UpdraftPlus: WP Backup & Migration Plugin plugin for WordPress is vulnerable to PHP Object Injection in all versions from 1.23.8 to 1.24.11 via deserialization of untrusted input in the 'recursiveunserializedreplace' function. This makes it possible for unauthenticated attackers to inject a P...
CVE-2024-10957 UpdraftPlus: WP Backup & Migration Plugin 1.23.8 - 1.24.11 - Unauthenticated PHP Object Injection
The UpdraftPlus: WP Backup & Migration Plugin plugin for WordPress is vulnerable to PHP Object Injection in all versions from 1.23.8 to 1.24.11 via deserialization of untrusted input in the 'recursiveunserializedreplace' function. This makes it possible for unauthenticated attackers to inject a P...
CVE-2024-10957
CVE-2024-10957 affects UpdraftPlus: WP Backup & Migration Plugin (versions 1.23.8–1.24.11). It provides an unauthenticated PHP Object Injection via deserialization in recursive_unserialized_replace. No POP chain is present by default; exploitation requires a POP chain from another plugin/theme in...
CVE-2024-10957 UpdraftPlus: WP Backup & Migration Plugin 1.23.8 - 1.24.11 - Unauthenticated PHP Object Injection
The UpdraftPlus: WP Backup & Migration Plugin plugin for WordPress is vulnerable to PHP Object Injection in all versions from 1.23.8 to 1.24.11 via deserialization of untrusted input in the 'recursiveunserializedreplace' function. This makes it possible for unauthenticated attackers to inject a P...
CVE-2024-10932
The Backup Migration plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.4.6 via deserialization of untrusted input in the 'recursiveunserializereplace' function. This makes it possible for unauthenticated attackers to inject a PHP Object. The...
CVE-2024-10932 Backup Migration <= 1.4.6 - Unauthenticated PHP Object Injection via 'recursive_unserialize_replace'
The Backup Migration plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.4.6 via deserialization of untrusted input in the 'recursiveunserializereplace' function. This makes it possible for unauthenticated attackers to inject a PHP Object. The...
CVE-2024-10932 Backup Migration <= 1.4.6 - Unauthenticated PHP Object Injection via 'recursive_unserialize_replace'
The Backup Migration plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.4.6 via deserialization of untrusted input in the 'recursiveunserializereplace' function. This makes it possible for unauthenticated attackers to inject a PHP Object. The...
CVE-2024-10932
CVE-2024-10932 (Backup Migration, WordPress) Vulnerability: unauthenticated PHP Object Injection via deserialization in recursive_unserialize_replace, affecting all versions up to 1.4.6. Exploit can inject a PHP object; when a POP chain is present, an attacker can delete arbitrary files, retrieve...
WordPress plugin Backup Migration 代码问题漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A code issue...
WordPress WPGuppy plugin <= 1.1.0 - PHP Object Injection vulnerability
PHP Object Injection vulnerability discovered by l8BL Patchstack Alliance in WordPress Plugin WPGuppy versions = 1.1.0...