3726 matches found
WordPress Participants Database Plugin <= 2.5.9.2 is vulnerable to PHP Object Injection
Software: Participants Database; Type: Plugin; Vulnerable versions: <= 2.5.9.2; Fixed in: 2.5.9.3; OWASP Top 10: A3: Injection; Classification: PHP Object Injection; CVE: CVE-2024-43141; Patch priority: Medium; CVSS severity: Medium 9.8; PSID: 859a2e5c56af; Credits: LVT-tholv2k; Required...
CVE-2024-39636 WordPress Better Find and Replace plugin <= 1.6.1 - PHP Object Injection vulnerability
Deserialization of Untrusted Data vulnerability in CodeSolz Better Find and Replace. This issue affects Better Find and Replace: from n/a through 1.6.1...
CVE-2024-39630 WordPress Timetable and Event Schedule by MotoPress plugin <= 2.4.13 - PHP Object Injection vulnerability
Deserialization of Untrusted Data vulnerability in MotoPress Timetable and Event Schedule allows Object Injection. This issue affects Timetable and Event Schedule: from n/a through 2.4.13...
WordPress Essential Addons for Elementor Plugin < 5.9.14 Multiple Vulnerabilities
The WordPress plugin SPDX-FileCopyrightText: 2024 Greenbone AG. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only. CPE = "cpe:/a:wpdeveloper:essentialaddonsforelementor"; if(description)...
WordPress Better Find and Replace plugin <= 1.6.1 - PHP Object Injection vulnerability
PHP Object Injection vulnerability discovered by Trình Vũ Sonicrrrr from VNPT-VCI in WordPress Plugin Better Find and Replace versions <= 1.6.1...
WordPress Flipbox Builder plugin <= 1.5 - Authenticated (Contributor+) PHP Object Injection vulnerability
Authenticated (Contributor+) PHP Object Injection vulnerability discovered by Francesco Carlucci in WordPress Plugin Flipbox Builder versions <= 1.5...
WordPress Better Find and Replace Plugin <= 1.6.1 is vulnerable to PHP Object Injection
Software: Better Find and Replace; Type: Plugin; Vulnerable versions: <= 1.6.1; Fixed in: 1.6.2; OWASP Top 10: A3: Injection; Classification: PHP Object Injection; CVE: CVE-2024-39636; Patch priority: High; CVSS severity: High 8.3; PSID: c0c0efbac1bd; Credits: Trình Vũ Sonicrrrr from VNPT-VCI...
WordPress Flipbox Builder Plugin <= 1.5 is vulnerable to PHP Object Injection
Software: Flipbox Builder; Type: Plugin; Vulnerable versions: <= 1.5; Fixed in: N/A; OWASP Top 10: A1: Injection; Classification: PHP Object Injection; CVE: CVE-2024-6152; Patch priority: Medium; CVSS severity: Medium 8.5; PSID: 06c48daece2a; Credits: Francesco Carlucci; Required privilege...
CVE-2024-6152
The Flipbox Builder plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.5 via deserialization of untrusted input in the flipbox_builder_Flipbox_ShortCode function. This makes it possible for authenticated attackers, with Contributor-level access and...
CVE-2024-6152 Flipbox Builder <= 1.5 - Authenticated (Contributor+) PHP Object Injection
The Flipbox Builder plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.5 via deserialization of untrusted input in the flipbox_builder_Flipbox_ShortCode function. This makes it possible for authenticated attackers, with Contributor-level access and...
CVE-2024-6152
CVE-2024-6152 describes a PHP object injection in the WordPress plugin Flipbox Builder (versions ≤ 1.5) via deserialization in the flipbox_builder_Flipbox_ShortCode function. Authenticated attackers with Contributor-level access or higher can inject a PHP object. No POP chain is known in the core...
CVE-2024-5726
The Timeline Event History plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 3.1 via deserialization of untrusted input 'timelines-data' parameter. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject...
CVE-2024-5726 Timeline Event History <= 3.1 - Authenticated (Contributor+) PHP Object Injection
The Timeline Event History plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 3.1 via deserialization of untrusted input 'timelines-data' parameter. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject...
CVE-2024-5726
CVE-2024-5726 describes a PHP Object Injection in the Timeline Event History WordPress plugin (versions up to 3.1). The root cause is deserialization of untrusted input in the timelines-data parameter, exploitable by authenticated users with Contributor+ privileges. Reported impact includes the p...
WordPress Timeline Event History Plugin <= 3.1 is vulnerable to PHP Object Injection
Software: Timeline Event History; Type: Plugin; Vulnerable versions: <= 3.1; Fixed in: 3.2; OWASP Top 10: A1: Injection; Classification: PHP Object Injection; CVE: CVE-2024-5726; Patch priority: Medium; CVSS severity: Medium 8.5; PSID: 38e5a517239e; Credits: Francesco Carlucci; Required...
CVE-2024-37502 WordPress Social Login plugin <= 2.6.3 - PHP Object Injection vulnerability
Deserialization of Untrusted Data vulnerability in wpweb WooCommerce Social Login. This issue affects WooCommerce Social Login: from n/a through 2.6.3...
CVE-2024-37502 WordPress Social Login plugin <= 2.6.3 - PHP Object Injection vulnerability
Deserialization of Untrusted Data vulnerability in wpweb WooCommerce Social Login woo-social-login. This issue affects WooCommerce Social Login: from n/a through <= 2.6.3...
WordPress SEOPress Plugin < 7.9 is vulnerable to PHP Object Injection
Software: SEOPress; Type: Plugin; Vulnerable versions: < 7.9; Fixed in: 7.9; OWASP Top 10: A3: Injection; Classification: PHP Object Injection; CVE: CVE-2024-5488; Patch priority: High; CVSS severity: High 8.3; PSID: b681d991dcc5; Credits: Marc Montpas; Required privilege: Unauthenticated...
WordPress Social Login plugin <= 2.6.3 - PHP Object Injection vulnerability
PHP Object Injection vulnerability discovered by Ananda Dhakal Patchstack in WordPress Plugin WooCommerce Social Login versions <= 2.6.3...