CVE-2020-36726 Ultimate Reviews < 2.1.33 - PHP Object Injection
The Ultimate Reviews plugin for WordPress is vulnerable to PHP Object Injection in versions up to, and including, 2.1.32 via deserialization of untrusted input in several vulnerable functions. This allows unauthenticated attackers to inject a PHP Object. No POP chain is present in the vulnerable...
CVE-2020-36718 GDPR CCPA Compliance Support <= 2.3 - PHP Object Injection
The GDPR CCPA Compliance Support plugin for WordPress is vulnerable to PHP Object Injection in versions up to, and including, 2.3 via deserialization of untrusted input "njtgdprallowpermissions" value. This allows unauthenticated attackers to inject a PHP Object...
WordPress Plugin GDPR CCPA Compliance Support Code Issue Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed in the PHP language that supports personal blogs on PHP and MySQL servers. WordPress plugin is an application...
PT-2023-11868 · WordPress · The Ultimate Reviews
Name of the Vulnerable Software and Affected Versions: The Ultimate Reviews plugin for WordPress versions up to and including 2.1.32. Description: The issue allows unauthenticated attackers to inject a PHP Object via deserialization of untrusted input in several vulnerable functions, as no POP cha...
Gravity Forms < 2.7.4 - Unauthenticated PHP Object Injection
The plugin unserializes user input via the getfieldinput, which could allow unauthenticated users to perform PHP Object Injection when a suitable gadget is present on the blog...
CVE-2023-2500
The Go Pricing - WordPress Responsive Pricing Tables plugin for WordPress is vulnerable to PHP Object Injection in versions up to, and including, 3.3.19 via deserialization of untrusted input from the 'gopricing' shortcode 'data' parameter. This allows authenticated attackers, with subscriber-lev...
Deserialization of untrusted data
The Go Pricing - WordPress Responsive Pricing Tables plugin for WordPress is vulnerable to PHP Object Injection in versions up to, and including, 3.3.19 via deserialization of untrusted input from the 'gopricing' shortcode 'data' parameter. This allows authenticated attackers, with subscriber-lev...
WordPress Go Pricing Plugin <= 3.3.19 is vulnerable to PHP Object Injection
Software: Go Pricing; Type: Plugin; Vulnerable versions: <= 3.3.19; Fixed in: 3.4; OWASP Top 10: A1: Injection; Classification: PHP Object Injection; CVE: CVE-2023-2500; Patch priority: Medium; CVSS severity: Medium (4.9); PSID: 888d475edb31; Credits: Lana Codes; Required privilege: Subscriber...
WordPress Recently Viewed Products Plugin <= 1.0.0 is vulnerable to PHP Object Injection
Software: Recently Viewed Products; Type: Plugin; Vulnerable versions: <= 1.0.0; Fixed in: N/A; OWASP Top 10: A1: Injection; Classification: PHP Object Injection; CVE: CVE-2023-34027; Patch priority: High; CVSS severity: High (8.3); PSID: 9c6c9d223c96; Credits: Mika; Required privilege...
CVE-2023-2500
CVE-2023-2500 affects the Go Pricing - WordPress Responsive Pricing Tables plugin for WordPress (versions ≤ 3.3.19). The vulnerability is PHP Object Injection via deserialization of untrusted input in the go_pricing shortcode data parameter. It requires subscriber-level authentication or higher; ...
CVE-2023-2500 Go Pricing - WordPress Responsive Pricing Tables <= 3.3.19 - Authenticated (Subscriber+) PHP Object Injection
The Go Pricing - WordPress Responsive Pricing Tables plugin for WordPress is vulnerable to PHP Object Injection in versions up to, and including, 3.3.19 via deserialization of untrusted input from the 'gopricing' shortcode 'data' parameter. This allows authenticated attackers, with subscriber-lev...
WordPress HUSKY - Products Filter for WooCommerce Professional Plugin < 1.3.2 PHP Object Injection Vulnerability
The WordPress plugin SPDX-FileCopyrightText: 2023 Greenbone AG. Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:pluginus:husky-productsfilterprofessionalforwoocommerce";...
Go Pricing - WordPress Responsive Pricing Tables < 3.4 - Contributor+ PHP Object Injection via shortcode
The plugin does not sanitize the data parameter of its gopricing shortcode before unserializing it, which could allow users with a role as low as a contributor to perform PHP Object Injection attacks if a suitable gadget chain is found on the site...
WordPress Ad Inserter Plugin < 2.7.27 Code Injection Vulnerability
The WordPress plugin SPDX-FileCopyrightText: 2023 Greenbone AG. Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:adinserterproject:adinserter"; if(description)...
CVE-2023-1549
The Ad Inserter WordPress plugin before 2.7.27 unserializes user input provided via the settings, which could allow high privilege users such as admin to perform PHP Object Injection when a suitable gadget is present...
Design/Logic Flaw
The Ad Inserter WordPress plugin before 2.7.27 unserializes user input provided via the settings, which could allow high privilege users such as admin to perform PHP Object Injection when a suitable gadget is present...
CVE-2023-1549 Ad Inserter < 2.7.27 - Admin+ PHP Object Injection
The Ad Inserter WordPress plugin before 2.7.27 unserializes user input provided via the settings, which could allow high privilege users such as admin to perform PHP Object Injection when a suitable gadget is present...