3726 matches found
CVE-2024-12312
CVE-2024-12312 involves the Print Science Designer WordPress plugin. The vulnerability is a PHP Object Injection via deserialization of untrusted input in the designer-saved-projects cookie, affecting all versions up to 1.3.152. It allows unauthenticated attackers to inject a PHP object. The desc...
CVE-2024-12312 Print Science Designer <= 1.3.152 - Unauthenticated PHP Object Injection
The Print Science Designer plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.3.152 via deserialization of untrusted input through the 'designer-saved-projects' cookie. This makes it possible for unauthenticated attackers to inject a PHP Object. No...
WordPress Print Science Designer plugin <= 1.3.152 - Unauthenticated PHP Object Injection vulnerability
Unauthenticated PHP Object Injection vulnerability discovered by Brian Sans-Souci liardom in WordPress Plugin Print Science Designer versions <= 1.3.152...
PT-2024-17540 · WordPress · Print Science Designer
Name of the Vulnerable Software and Affected Versions: Print Science Designer plugin for WordPress versions up to, and including, 1.3.152 Description: The issue concerns a PHP Object Injection vulnerability in the Print Science Designer plugin for WordPress. This vulnerability arises from the...
WordPress ForumWP plugin <= 2.1.0 - PHP Object Injection vulnerability
PHP Object Injection vulnerability discovered by Mika Patchstack Alliance in WordPress Plugin ForumWP versions <= 2.1.0...
Drupal core contains a potential PHP Object Injection vulnerability
Drupal core contains a potential PHP Object Injection vulnerability that if combined with another exploit could lead to Remote Code Execution. It is not directly exploitable. This issue is mitigated by the fact that in order for it to be exploitable, a separate vulnerability must be present to...
Drupal core contains a potential PHP Object Injection vulnerability
Drupal core contains a potential PHP Object Injection vulnerability that if combined with another exploit could lead to Arbitrary File Deletion. It is not directly exploitable. This issue is mitigated by the fact that in order to be exploitable, a separate vulnerability must be present that allo...
GHSA-938F-5R4F-H65V Drupal core contains a potential PHP Object Injection vulnerability
Drupal core contains a potential PHP Object Injection vulnerability that if combined with another exploit could lead to Arbitrary File Deletion. It is not directly exploitable. This issue is mitigated by the fact that in order to be exploitable, a separate vulnerability must be present that allo...
GHSA-GVF2-2F4G-JQF4 Drupal core contains a potential PHP Object Injection vulnerability
Drupal core contains a potential PHP Object Injection vulnerability that if combined with another exploit could lead to Remote Code Execution. It is not directly exploitable. This issue is mitigated by the fact that in order for it to be exploitable, a separate vulnerability must be present to...
GHSA-W6RX-9G2X-MG5G Drupal core contains a potential PHP Object Injection vulnerability
Drupal core contains a potential PHP Object Injection vulnerability that if combined with another exploit could lead to Remote Code Execution. It is not directly exploitable. This issue is mitigated by the fact that in order for it to be exploitable, a separate vulnerability must be present to...
CVE-2024-11501
The Gallery plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.3 via deserialization of untrusted input from wdgallery$id parameter. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject a PHP Object...
CVE-2024-11501 Gallery <= 1.3 - Authenticated (Contributor+) PHP Object Injection
The Gallery plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.3 via deserialization of untrusted input from wdgallery$id parameter. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject a PHP Object...
CVE-2024-11501
CVE-2024-11501 concerns the WordPress Gallery plugin (versions
WordPress plugin Gallery code issue vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. WordPress plugin is an application plugin that supports personal blog sites on PHP and MySQL servers. A code issue vulnerability exists in WordPress plug...
WordPress Gallery plugin <= 1.3 - Authenticated (Contributor+) PHP Object Injection vulnerability
Authenticated Contributor+ PHP Object Injection vulnerability discovered by Francesco Carlucci in WordPress Plugin Gallery versions <= 1.3...
CVE-2024-10587
The Interactive Contact Form and Multi Step Form Builder with Drag & Drop Editor – Funnelforms Free plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 3.7.5.1 via deserialization of untrusted input. This makes it possible for authenticated attackers,...
CVE-2024-10587 Funnelforms Free <= 3.7.5.1 - Authenticated (Contributor+) PHP Object Injection
The Interactive Contact Form and Multi Step Form Builder with Drag & Drop Editor – Funnelforms Free plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 3.7.5.1 via deserialization of untrusted input. This makes it possible for authenticated attackers,...