WordPress My Geo Posts Free Plugin <= 1.2 is vulnerable to PHP Object Injection

Software My Geo Posts Free Type Plugin Vulnerable versions = 1.2 Fixed in N/A OWASP Top 10 A3: Injection Classification PHP Object Injection CVE CVE-2024-52433 Patch priority High CVSS severity High 9.8 Developer Claim ownership PSID abf48ca2de6d Credits Mika Required privilege Unauthenticated...

WordPress NIX Anti-Spam Light Plugin <= 0.0.4 is vulnerable to PHP Object Injection

Software NIX Anti-Spam Light Type Plugin Vulnerable versions = 0.0.4 Fixed in N/A OWASP Top 10 A3: Injection Classification PHP Object Injection CVE CVE-2024-52432 Patch priority High CVSS severity High 9.8 Developer Claim ownership PSID ce1317202bf3 Credits LVT-tholv2k Required privilege...

CVE-2024-10962

The Migration, Backup, Staging – WPvivid plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 0.9.107 via deserialization of untrusted input in the 'replacerowdata' and 'replaceserializedata' functions. This makes it possible for unauthenticated attacke...

CVE-2024-10962

The Migration, Backup, Staging – WPvivid plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 0.9.107 via deserialization of untrusted input in the 'replacerowdata' and 'replaceserializedata' functions. This makes it possible for unauthenticated attacke...

CVE-2024-10962

The CVE-2024-10962 entry concerns the WPvivid (Migration, Backup, Staging) WordPress plugin, affected in versions up to and including 0.9.107. It describes an unauthenticated PHP Object Injection vulnerability caused by deserialization of untrusted input in the replace_row_data and replace_serial...

CVE-2024-10962 Migration, Backup, Staging – WPvivid <= 0.9.107 - Unauthenticated PHP Object Injection

The Migration, Backup, Staging – WPvivid plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 0.9.107 via deserialization of untrusted input in the 'replacerowdata' and 'replaceserializedata' functions. This makes it possible for unauthenticated attacke...

WordPress WPvivid Backup and Migration Plugin <= 0.9.107 is vulnerable to PHP Object Injection

Software WPvivid Backup and Migration Type Plugin Vulnerable versions = 0.9.107 Fixed in 0.9.108 OWASP Top 10 A1: Injection Classification PHP Object Injection CVE CVE-2024-10962 Patch priority Low CVSS severity Low 9.8 Developer Claim ownership PSID b2861821d90b Credits Webbernaut Required...

PT-2024-16666 · WordPress · Migration

Name of the Vulnerable Software and Affected Versions: Migration, Backup, Staging – WPvivid plugin for WordPress versions up to, and including, 0.9.107 Description: The Migration, Backup, Staging – WPvivid plugin for WordPress is vulnerable to PHP Object Injection via deserialization of untrusted...

WordPress SK WP Settings Backup plugin <= 1.0 - CSRF to PHP Object Injection vulnerability

CSRF to PHP Object Injection vulnerability discovered by Mika Patchstack Alliance in WordPress Plugin SK WP Settings Backup versions = 1.0...

WordPress WDES Responsive Mobile Menu plugin <= 5.3.18 - PHP Object Injection vulnerability

PHP Object Injection vulnerability discovered by Mika Patchstack Alliance in WordPress Plugin WDES Responsive Mobile Menu versions = 5.3.18...

WordPress Xin theme <= 1.0.8.1 - PHP Object Injection vulnerability

PHP Object Injection vulnerability discovered by Mika Patchstack Alliance in WordPress Theme Xin versions = 1.0.8.1...

WordPress Advanced Personalization plugin <= 1.1.2 - PHP Object Injection vulnerability

PHP Object Injection vulnerability discovered by Bonds Patchstack Alliance in WordPress Plugin Advanced Personalization versions = 1.1.2...

WordPress Referrer Detector plugin <= 4.2.1.0 - PHP Object Injection vulnerability

PHP Object Injection vulnerability discovered by Bonds Patchstack Alliance in WordPress Plugin Referrer Detector versions = 4.2.1.0...

CVE-2024-10828

The Advanced Order Export For WooCommerce plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 3.5.5 via deserialization of untrusted input during Order export when the "Try to convert serialized values" option is enabled. This makes it possible for...

CVE-2024-10828

The Advanced Order Export For WooCommerce plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 3.5.5 via deserialization of untrusted input during Order export when the "Try to convert serialized values" option is enabled. This makes it possible for...

CVE-2024-10828

CVE-2024-10828 affects the WordPress plugin Advanced Order Export For WooCommerce (

CVE-2024-10828 Advanced Order Export For WooCommerce <= 3.5.5 - Unauthenticated PHP Object Injection via Order Details

The Advanced Order Export For WooCommerce plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 3.5.5 via deserialization of untrusted input during Order export when the "Try to convert serialized values" option is enabled. This makes it possible for...

CVE-2024-10828 Advanced Order Export For WooCommerce <= 3.5.5 - Unauthenticated PHP Object Injection via Order Details

The Advanced Order Export For WooCommerce plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 3.5.5 via deserialization of untrusted input during Order export when the "Try to convert serialized values" option is enabled. This makes it possible for...

WordPress Xin Theme <= 1.0.8.1 is vulnerable to PHP Object Injection

Software Xin Type Theme Vulnerable versions = 1.0.8.1 Fixed in N/A OWASP Top 10 A3: Injection Classification PHP Object Injection CVE CVE-2024-52412 Patch priority High CVSS severity High 9.8 Developer Claim ownership PSID da7dd1423a5a Credits Mika Required privilege Unauthenticated Published 13...

WordPress Advanced Personalization Plugin <= 1.1.2 is vulnerable to PHP Object Injection

Software Advanced Personalization Type Plugin Vulnerable versions = 1.1.2 Fixed in N/A OWASP Top 10 A3: Injection Classification PHP Object Injection CVE CVE-2024-52411 Patch priority High CVSS severity High 9.8 Developer Claim ownership PSID 2cda7f7032dc Credits Bonds Required privilege...