3726 matches found
WordPress myCred plugin <= 2.7.2 - PHP Object Injection vulnerability
PHP Object Injection vulnerability discovered by LVT-tholv2k Patchstack Alliance in WordPress Plugin myCred versions <= 2.7.2...
CVE-2024-43141 WordPress Participants Database plugin <= 2.5.9.2 - PHP Object Injection vulnerability
Deserialization of Untrusted Data vulnerability in Roland Barker, xnau webdesign Participants Database allows Object Injection. This issue affects Participants Database: from n/a through 2.5.9.2...
WordPress Crew HRM Plugin <= 1.1.1 is vulnerable to PHP Object Injection
Software: Crew HRM; Type: Plugin; Vulnerable versions: <= 1.1.1; Fixed in: 1.1.2; OWASP Top 10: A3: Injection; Classification: PHP Object Injection; CVE: CVE-2024-43252; Patch priority: High; CVSS severity: High 9; Developer: Sekander Badsha; PSID: e529c4ddfdc3; Credits: CatFather; Required privilege: Unauthenticated...
WordPress Ultimate Membership Pro Plugin <= 12.7 is vulnerable to PHP Object Injection
Software: Ultimate Membership Pro; Type: Plugin; Vulnerable versions: <= 12.7; Fixed in: 12.8; OWASP Top 10: A3: Injection; Classification: PHP Object Injection; CVE: CVE-2024-43242; Patch priority: High; CVSS severity: High 9; Developer: Claim ownership; PSID: 4d478cf8c35d; Credits: Rafie Muhammad Patchstack; Required...
WordPress GiveWP Plugin <= 3.14.1 is vulnerable to PHP Object Injection
Software: GiveWP; Type: Plugin; Vulnerable versions: <= 3.14.1; Fixed in: 3.14.2; OWASP Top 10: A3: Injection; Classification: PHP Object Injection; CVE: CVE-2024-37099; Patch priority: High; CVSS severity: High 10; Developer: Liquid Web / StellarWP; PSID: 44652f09d965; Credits: LVT-tholv2k; Required privilege...
CVE-2024-7561
The The Next theme for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.1.0 via deserialization of untrusted input from the wpedenpostmeta post meta value. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject...
CVE-2024-7560
The News Flash theme for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.1.0 via deserialization of untrusted input from the newsflashpostmeta meta value. This makes it possible for authenticated attackers, with Editor-level access and above, to inject a PH...
CVE-2024-7486 MultiPurpose <= 1.2.0 - Authenticated (Contributor+) PHP Object Injection
The MultiPurpose theme for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.2.0 via deserialization of untrusted input through the 'wpedenpostmeta' post meta. This makes it possible for authenticated attackers, with Contributor-level access and above, to...
CVE-2024-7486
CVE-2024-7486 affects the MultiPurpose WordPress theme (all versions up to 1.2.0) via PHP Object Injection from deserializing untrusted input in wpeden_post_meta. Exploitation requires at least Contributor+ authentication; no POP chain is present in the core, but a POP chain from a compatible plu...
CVE-2024-7560 News Flash <= 1.1.0 - Authenticated (Editor+) PHP Object Injection
The News Flash theme for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.1.0 via deserialization of untrusted input from the newsflashpostmeta meta value. This makes it possible for authenticated attackers, with Editor-level access and above, to inject a PH...
CVE-2024-7560
CVE-2024-7560 (News Flash Theme – WordPress) is a PHP Object Injection vulnerability affecting all versions up to 1.1.0, exploitable via deserialization of untrusted input from the newsflash_post_meta meta value. The issue permits authenticated attackers with Editor-level access and above to inje...
CVE-2024-7561 The Next <= 1.1.0 - Authenticated (Contributor+) PHP Object Injection
The The Next theme for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.1.0 via deserialization of untrusted input from the wpedenpostmeta post meta value. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject...
PT-2024-38420 · WordPress · The News Flash
Name of the Vulnerable Software and Affected Versions: The News Flash theme for WordPress versions up to, and including, 1.1.0 Description: The issue allows authenticated attackers with Editor-level access and above to inject a PHP Object via deserialization of untrusted input from the newsflash...
WordPress News Flash theme <= 1.1.0 - Authenticated (Editor+) PHP Object Injection vulnerability
Authenticated Editor+ PHP Object Injection vulnerability discovered by Francesco Carlucci in WordPress Theme News Flash versions <= 1.1.0...
WordPress MultiPurpose theme <= 1.2.0 - Authenticated (Contributor+) PHP Object Injection vulnerability
Authenticated Contributor+ PHP Object Injection vulnerability discovered by Francesco Carlucci in WordPress Theme Multipurpose versions <= 1.2.0...
WordPress The Next theme <= 1.1.0 - Authenticated (Contributor+) PHP Object Injection vulnerability
Authenticated Contributor+ PHP Object Injection vulnerability discovered by Francesco Carlucci in WordPress Theme The Next LVL versions <= 1.1.0...
WordPress News Flash Theme <= 1.1.0 is vulnerable to PHP Object Injection
Software: News Flash; Type: Theme; Vulnerable versions: <= 1.1.0; Fixed in: N/A; OWASP Top 10: A1: Injection; Classification: PHP Object Injection; CVE: CVE-2024-7560; Patch priority: Medium; CVSS severity: Medium 8.8; Developer: Claim ownership; PSID: 645105e26eb0; Credits: Francesco Carlucci; Required privilege: Editor...
WordPress Multipurpose Theme <= 1.2.0 is vulnerable to PHP Object Injection
Software: Multipurpose; Type: Theme; Vulnerable versions: <= 1.2.0; Fixed in: N/A; OWASP Top 10: A1: Injection; Classification: PHP Object Injection; CVE: CVE-2024-7486; Patch priority: Medium; CVSS severity: Medium 8.8; Developer: Claim ownership; PSID: 5a908ef6f2c7; Credits: Francesco Carlucci; Required privilege...
WordPress The Next LVL Theme <= 1.1.0 is vulnerable to PHP Object Injection
Software: The Next LVL; Type: Theme; Vulnerable versions: <= 1.1.0; Fixed in: N/A; OWASP Top 10: A1: Injection; Classification: PHP Object Injection; CVE: CVE-2024-7561; Patch priority: Medium; CVSS severity: Medium 8.8; Developer: Claim ownership; PSID: b79740b6d53a; Credits: Francesco Carlucci; Required privilege...