WordPress Attire Theme <= 2.0.6 is vulnerable to PHP Object Injection
Software: Attire; Type: Theme; Vulnerable versions: <= 2.0.6; Fixed in: 2.0.7; OWASP Top 10: A1: Injection; Classification: PHP Object Injection; CVE: CVE-2024-7435; Patch priority: Medium; CVSS severity: Medium 8.5; PSID: 834924dbc4f2; Credits: Francesco Carlucci; Required privilege: Contribut...
CVE-2024-7435
The Attire theme for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 2.0.6 via deserialization of untrusted input. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject a PHP Object. No known POP chain is prese...
CVE-2024-7435 Attire <= 2.0.6 - Authenticated (Contributor+) PHP Object Injection
The Attire theme for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 2.0.6 via deserialization of untrusted input. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject a PHP Object. No known POP chain is prese...
CVE-2024-7435
CVE-2024-7435 affects the Attire WordPress theme (all versions up to 2.0.6). The issue is PHP Object Injection via deserialization of untrusted input, exploitable by authenticated attackers with Contributor-level access and above to inject a PHP object. The description notes the presence of a POP...
CVE-2024-8016
The Events Calendar Pro plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 7.0.2 via deserialization of untrusted input from the 'filters' parameter in widgets. This makes it possible for authenticated attackers, with administrator-level access and...
CVE-2024-8016 The Events Calendar Pro <= 7.0.2 - Authenticated (Administrator+) PHP Object Injection to Remote Code Execution
The Events Calendar Pro plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 7.0.2 via deserialization of untrusted input from the 'filters' parameter in widgets. This makes it possible for authenticated attackers, with administrator-level access and...
CVE-2024-8016
CVE-2024-8016 affects The Events Calendar Pro for WordPress. The vulnerability is a PHP Object Injection via deserialization of untrusted input from the widgets’ filters parameter, enabling an attacker with administrator-level access (and in some configs, even lower-privilege users) to inject a P...
CVE-2024-2694
The Betheme theme for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 27.5.6 via deserialization of untrusted input of the 'mfn-page-items' post meta value. This makes it possible for authenticated attackers, with contributor-level access and above, to inject...
CVE-2024-2694 Betheme <= 27.5.6 - Authenticated (Contributor+) PHP Object Injection
The Betheme theme for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 27.5.6 via deserialization of untrusted input of the 'mfn-page-items' post meta value. This makes it possible for authenticated attackers, with contributor-level access and above, to inject...
CVE-2024-2694
CVE-2024-2694 affects Betheme (WordPress theme). It allows PHP Object Injection via deserialization of untrusted input stored in the mfn-page-items post meta, impacting all versions up to 27.5.6. Exploitation requires authentication at contributor level or higher. The description notes that there...
WordPress The Events Calendar Pro plugin <= 7.0.2 - Authenticated (Administrator+) PHP Object Injection to Remote Code Execution vulnerability
Authenticated (Administrator+) PHP Object Injection to Remote Code Execution vulnerability discovered by István Márton in WordPress plugin The Events Calendar PRO, versions <= 7.0.2...
WordPress Betheme Theme <= 27.5.6 is vulnerable to PHP Object Injection
Software: Betheme; Type: Theme; Vulnerable versions: <= 27.5.6; Fixed in: 27.5.7; OWASP Top 10: A1: Injection; Classification: PHP Object Injection; CVE: CVE-2024-2694; Patch priority: Medium; CVSS severity: Medium 8.5; PSID: 8e134812d3a9; Credits: Francesco Carlucci; Required privilege...
PT-2024-38346 · WordPress · Attire
Name of the Vulnerable Software and Affected Versions: The Attire theme for WordPress versions up to, and including, 2.0.6 Description: The Attire theme for WordPress is vulnerable to PHP Object Injection via deserialization of untrusted input. This makes it possible for authenticated attackers,...
WordPress GiveWP Plugin < 3.14.2 PHP Object Injection Vulnerability
The WordPress plugin SPDX-FileCopyrightText: 2024 Greenbone AG. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:givewp:givewp"; if(description)...
CVE-2024-43931 WordPress JobSearch WP Job Board WordPress Plugin plugin <= 2.5.3 - PHP Object Injection vulnerability
Deserialization of Untrusted Data vulnerability in eyecix JobSearch allows Object Injection. This issue affects JobSearch: from n/a through 2.5.3...