CVE-2024-52439 WordPress Team Rosters plugin <= 4.8.2 - PHP Object Injection vulnerability
Deserialization of Untrusted Data vulnerability in Mark O'Donnell Team Rosters team-rosters allows Object Injection. This issue affects Team Rosters: from n/a through <= 4.8.2...
CVE-2024-52439 WordPress Team Rosters plugin <= 4.6 - PHP Object Injection vulnerability
Deserialization of Untrusted Data vulnerability in Mark O’Donnell Team Rosters allows Object Injection. This issue affects Team Rosters: from n/a through 4.6...
CVE-2024-52440 WordPress Xpresslane Fast Checkout plugin <= 1.0.0 - PHP Object Injection vulnerability
Deserialization of Untrusted Data vulnerability in Bueno Labs Pvt. Ltd. Xpresslane Fast Checkout allows Object Injection. This issue affects Xpresslane Fast Checkout: from n/a through 1.0.0...
CVE-2024-52441 WordPress Quick Learn plugin <= 1.0.1 - PHP Object Injection vulnerability
Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution') vulnerability in Rajesh Thanoch Quick Learn quick-learn allows Object Injection. This issue affects Quick Learn: from n/a through <= 1.0.1...
CVE-2024-52443 WordPress Geolocator plugin <= 1.1 - PHP Object Injection vulnerability
Deserialization of Untrusted Data vulnerability in masikonis Geolocator geolocator allows Object Injection. This issue affects Geolocator: from n/a through <= 1.1...
CVE-2024-52446 WordPress Buying Buddy IDX CRM plugin <= 1.2.8 - CSRF to PHP Object Injection vulnerability
Cross-Site Request Forgery (CSRF) vulnerability in Buying Buddy Buying Buddy IDX CRM buying-buddy-idx-crm allows Object Injection. This issue affects Buying Buddy IDX CRM: from n/a through <= 1.2.8...
WordPress Clone Plugin <= 2.4.6 is vulnerable to PHP Object Injection
Software: Clone; Type: Plugin; Vulnerable versions: <= 2.4.6; Fixed in: 2.4.7; OWASP Top 10: A1: Injection; Classification: PHP Object Injection; CVE: CVE-2024-10913; Patch priority: High; CVSS severity: High (8.8); PSID: 3676e7fb18ec; Credits: Webbernaut; Required privilege: Unauthenticated...
WordPress Grid View Gallery Plugin <= 1.0 is vulnerable to PHP Object Injection
Software: Grid View Gallery; Type: Plugin; Vulnerable versions: <= 1.0; Fixed in: N/A; OWASP Top 10: A1: Injection; Classification: PHP Object Injection; CVE: CVE-2024-11409; Patch priority: Medium; CVSS severity: Medium (7.2); PSID: ccd9bf1d982e; Credits: Francesco Carlucci; Required privilege...
Drupal core - Moderately critical - Gadget chain - SA-CORE-2024-008
Drupal core contains a potential PHP Object Injection vulnerability that if combined with another exploit could lead to Remote Code Execution. It is not directly exploitable. This issue is mitigated by the fact that in order for it to be exploitable, a separate vulnerability must be present to...
Drupal core - Moderately critical - Gadget chain - SA-CORE-2024-007
Drupal core contains a potential PHP Object Injection vulnerability that if combined with another exploit could lead to Remote Code Execution. It is not directly exploitable. This issue is mitigated by the fact that in order for it to be exploitable, a separate vulnerability must be present to...
Node export - Moderately critical - Arbitrary PHP code execution - SA-CONTRIB-2024-061
This module allows users to export nodes and then import them into another Drupal installation, or on the same site. In certain cases the module doesn't sufficiently sanitize data before passing it to PHP's unserialize function, which could result in Remote Code Execution via PHP Object Injection...
Drupal core - Less critical - Gadget chain - SA-CORE-2024-006
Drupal core contains a potential PHP Object Injection vulnerability that if combined with another exploit could lead to Arbitrary File Deletion. It is not directly exploitable. This issue is mitigated by the fact that in order to be exploitable, a separate vulnerability must be present that allo...
Mailjet - Moderately critical - Arbitrary PHP code execution - SA-CONTRIB-2024-062
This module for Drupal provides complete control of Email settings with Drupal and Mailjet. In certain cases the module doesn't securely pass data to PHP's unserialize function, which could result in Remote Code Execution via PHP Object Injection. This vulnerability is mitigated by the fact that ...
CVE-2024-52430 WordPress Lis Video Gallery plugin <= 0.2.1 - PHP Object Injection vulnerability
Deserialization of Untrusted Data vulnerability in bublick Lis Video Gallery lis-video-gallery allows Object Injection. This issue affects Lis Video Gallery: from n/a through <= 0.2.1...
CVE-2024-52432 WordPress NIX Anti-Spam Light plugin <= 0.0.4 - PHP Object Injection vulnerability
Deserialization of Untrusted Data vulnerability in NIX Solutions Ltd NIX Anti-Spam Light nix-anti-spam-light allows Object Injection. This issue affects NIX Anti-Spam Light: from n/a through <= 0.0.4...
CVE-2024-52432
CVE-2024-52432 concerns the WordPress NIX Anti-Spam Light plugin (versions
CVE-2024-52433 WordPress My Geo Posts Free plugin <= 1.2 - PHP Object Injection vulnerability
Deserialization of Untrusted Data vulnerability in Mindstien Technologies My Geo Posts Free my-geo-posts-free allows Object Injection. This issue affects My Geo Posts Free: from n/a through <= 1.2...
CVE-2024-52433
CVE-2024-52433 affects My Geo Posts Free (WordPress plugin) up to version 1.2. It is a PHP Object Injection vulnerability triggered by deserialization of untrusted input, allowing unauthenticated object injection. The Nuclei template specifies the flaw is in versions up to 1.2 and notes n...