WordPress Referrer Detector Plugin <= 4.2.1.0 is vulnerable to PHP Object Injection

Software Referrer Detector Type Plugin Vulnerable versions = 4.2.1.0 Fixed in N/A OWASP Top 10 A3: Injection Classification PHP Object Injection CVE CVE-2024-52410 Patch priority High CVSS severity High 9.8 Developer Claim ownership PSID 462ef6116947 Credits Bonds Required privilege Unauthenticat...

WordPress Airin Blog Theme <= 1.6.1 is vulnerable to PHP Object Injection

Software Airin Blog Type Theme Vulnerable versions = 1.6.1 Fixed in 1.6.3 OWASP Top 10 A3: Injection Classification PHP Object Injection CVE CVE-2024-52413 Patch priority High CVSS severity High 9.8 Developer Claim ownership PSID 5d3bd1ffdbab Credits Mika Required privilege Unauthenticated...

WordPress WDES Responsive Mobile Menu Plugin <= 5.3.18 is vulnerable to PHP Object Injection

Software WDES Responsive Mobile Menu Type Plugin Vulnerable versions = 5.3.18 Fixed in N/A OWASP Top 10 A3: Injection Classification PHP Object Injection CVE CVE-2024-52414 Patch priority High CVSS severity High 9.8 Developer Claim ownership PSID 3807cf50f771 Credits Mika Required privilege...

WordPress AJAX Random Posts Plugin <= 0.3.3 is vulnerable to PHP Object Injection

Software AJAX Random Posts Type Plugin Vulnerable versions = 0.3.3 Fixed in N/A OWASP Top 10 A3: Injection Classification PHP Object Injection CVE CVE-2024-52409 Patch priority High CVSS severity High 9.8 Developer Claim ownership PSID 88448bab09ca Credits Bonds Required privilege Unauthenticated...

WordPress Advanced Order Export For WooCommerce plugin <= 3.5.5 - Unauthenticated PHP Object Injection vulnerability

Unauthenticated PHP Object Injection vulnerability discovered by Webbernaut in WordPress Plugin Advanced Order Export For WooCommerce versions = 3.5.5...

WordPress Advanced Order Export For WooCommerce Plugin <= 3.5.5 is vulnerable to PHP Object Injection

Software Advanced Order Export For WooCommerce Type Plugin Vulnerable versions = 3.5.5 Fixed in 3.5.6 OWASP Top 10 A1: Injection Classification PHP Object Injection CVE CVE-2024-10828 Patch priority High CVSS severity High 9.8 Developer Claim ownership PSID 52652ce9166f Credits Webbernaut Require...

CVE-2024-50507 WordPress DS.DownloadList plugin <= 1.3 - PHP Object Injection vulnerability

Deserialization of Untrusted Data vulnerability in Daschmi DS.DownloadList dsdownloadlist allows Object Injection.This issue affects DS.DownloadList: from n/a through = 1.3...

CVE-2024-50408 WordPress Namaste! LMS plugin <= 2.6.3 - PHP Object Injection vulnerability

Deserialization of Untrusted Data vulnerability in Bob Namaste! LMS namaste-lms allows Object Injection.This issue affects Namaste! LMS: from n/a through = 2.6.3...

CVE-2024-50408 WordPress Namaste! LMS plugin <= 2.6.3 - PHP Object Injection vulnerability

Deserialization of Untrusted Data vulnerability in Bob Namaste! LMS namaste-lms allows Object Injection.This issue affects Namaste! LMS: from n/a through = 2.6.3...

WordPress DS.DownloadList Plugin <= 1.3 is vulnerable to PHP Object Injection

Software DS.DownloadList Type Plugin Vulnerable versions = 1.3 Fixed in N/A OWASP Top 10 A3: Injection Classification PHP Object Injection CVE CVE-2024-50507 Patch priority High CVSS severity High 9.8 Developer Claim ownership PSID 98ea8810e98b Credits Mika Required privilege Unauthenticated...

WordPress All-in-One WP Migration Plugin <= 7.86 is vulnerable to PHP Object Injection

Software All-in-One WP Migration Type Plugin Vulnerable versions = 7.86 Fixed in 7.87 OWASP Top 10 A3: Injection Classification PHP Object Injection CVE CVE-2024-9162 Patch priority Low CVSS severity Low 7.2 Developer ServMask, Inc PSID 44c4c1ddd033 Credits Ryan Kozak Required privilege...

WordPress Namaste! LMS plugin <= 2.6.3 - PHP Object Injection vulnerability

PHP Object Injection vulnerability discovered by Mika Patchstack Alliance in WordPress Plugin Namaste! LMS versions = 2.6.3...

WordPress WPC Shop as a Customer for WooCommerce Plugin <= 1.2.6 is vulnerable to PHP Object Injection

Software WPC Shop as a Customer for WooCommerce Type Plugin Vulnerable versions = 1.2.6 Fixed in 1.2.7 OWASP Top 10 A3: Injection Classification PHP Object Injection CVE CVE-2024-50416 Patch priority High CVSS severity High 8.8 Developer Claim ownership PSID ffccd26940cf Credits LVT-tholv2k...

PT-2024-39670 · WordPress · Fluentsmtp

Name of the Vulnerable Software and Affected Versions: FluentSMTP – WP SMTP Plugin with Amazon SES, SendGrid, MailGun, Postmark, Google and Any SMTP Provider versions prior to 2.2.82 Description: The FluentSMTP plugin for WordPress is vulnerable to PHP Object Injection via deserialization of...

WordPress Backup and Staging by WP Time Capsule plugin <= 1.22.21 - PHP Object Injection vulnerability

PHP Object Injection vulnerability discovered by Hakiduck Patchstack Alliance in WordPress Plugin Backup and Staging by WP Time Capsule versions = 1.22.21...

SEOPress Plugin for WordPress < 7.9 PHP Object Injection

The WordPress SEOPress Plugin installed on the remote host is affected by a PHP object injection vulnerability via the deserialization of untrusted input from the 'title' parameter. Note that the scanner has not tested for these issues but has instead relied only on the application's self-reporte...

WordPress Backup and Staging by WP Time Capsule Plugin <= 1.22.21 is vulnerable to PHP Object Injection

Software Backup and Staging by WP Time Capsule Type Plugin Vulnerable versions = 1.22.21 Fixed in 1.22.22 OWASP Top 10 A3: Injection Classification PHP Object Injection CVE CVE-2024-49684 Patch priority Low CVSS severity Low 7.2 Developer Claim ownership PSID 72588c8fb912 Credits Hakiduck Require...

CVE-2024-49332 WordPress Giveaway Boost plugin <= 2.1.4 - PHP Object Injection vulnerability

Deserialization of Untrusted Data vulnerability in giveawayboost Giveaway Boost giveaway-boost allows Object Injection.This issue affects Giveaway Boost: from n/a through = 2.1.4...

CVE-2024-49332 WordPress Giveaway Boost plugin <= 2.1.4 - PHP Object Injection vulnerability

Deserialization of Untrusted Data vulnerability in Giveaway Boost allows Object Injection.This issue affects Giveaway Boost: from n/a through 2.1.4...

CVE-2024-49624 WordPress Advanced Advertising System plugin <= 1.3.1 - PHP Object Injection vulnerability

Deserialization of Untrusted Data vulnerability in smartdevth Advanced Advertising System advanced-advertising-system allows Object Injection.This issue affects Advanced Advertising System: from n/a through = 1.3.1...