3587 matches found
CVE-2023-1549 Ad Inserter < 2.7.27 - Admin+ PHP Object Injection
The Ad Inserter WordPress plugin before 2.7.27 unserializes user input provided via the settings, which could allow high privilege users such as admin to perform PHP Object Injection when a suitable gadget is present...
CVE-2023-1549
The CVE-2023-1549 issue affects the Ad Inserter WordPress plugin prior to version 2.7.27. It involves unserializing user input from the plugin settings, which could enable PHP Object Injection when a suitable gadget is present, potentially allowing high-privilege users (e.g., admins) to leverage ...
WordPress WooCommerce Product Add-ons Plugin <= 6.1.3 is vulnerable to PHP Object Injection
Software: WooCommerce Product Add-ons; Type: Plugin; Vulnerable versions: <= 6.1.3; Fixed in: 6.2.0; OWASP Top 10: A1: Injection; Classification: PHP Object Injection; CVE: CVE-2023-32795; Patch priority: Medium; CVSS severity: Medium 8.2; PSID: 8de26d9f8493; Credits: Rafie Muhammad Patchstac...
WordPress Woodmart Core Plugin <= 1.0.36 is vulnerable to PHP Object Injection
Software: Woodmart Core; Type: Plugin; Vulnerable versions: <= 1.0.36; Fixed in: 1.0.37; OWASP Top 10: A1: Injection; Classification: PHP Object Injection; CVE: CVE-2023-32242; Patch priority: High; CVSS severity: High 9.8; Developer: Xtemos; PSID: 779c53b2f97f; Credits: Dave Jong Patchstack; Required privilege...
WordPress GiveWP Plugin <= 2.25.3 is vulnerable to PHP Object Injection
Software: GiveWP; Type: Plugin; Vulnerable versions: <= 2.25.3; Fixed in: 2.26.0; OWASP Top 10: A1: Injection; Classification: PHP Object Injection; CVE: CVE-2023-32513; Patch priority: High; CVSS severity: High 7.5; Developer: Liquid Web / StellarWP; PSID: 8e6fd83cfd05; Credits: Rafie Muhammad Patchstack; Required...
CVE-2023-1347
The Customizer Export/Import WordPress plugin before 0.9.6 unserializes user input provided via the settings, which could allow high privilege users such as admin to perform PHP Object Injection when a suitable gadget is present...
CVE-2023-1650
The AI ChatBot WordPress plugin before 4.4.7 unserializes user input from cookies via an AJAX action available to unauthenticated users, which could allow them to perform PHP Object Injection when a suitable gadget is present on the blog...
Design/Logic Flaw
The Customizer Export/Import WordPress plugin before 0.9.6 unserializes user input provided via the settings, which could allow high privilege users such as admin to perform PHP Object Injection when a suitable gadget is present...
Design/Logic Flaw
The AI ChatBot WordPress plugin before 4.4.7 unserializes user input from cookies via an AJAX action available to unauthenticated users, which could allow them to perform PHP Object Injection when a suitable gadget is present on the blog...
CVE-2023-1347
CVE-2023-1347 affects the WordPress plugin Customizer Export/Import (versions before 0.9.6). The issue arises from unserializing user input in settings, enabling PHP Object Injection when a suitable gadget is present. Exploitation requires admin-level privileges, with a high impact as documented....
CVE-2023-1347 Customizer Export/Import < 0.9.6 - Admin+ PHP Object Injection
The Customizer Export/Import WordPress plugin before 0.9.6 unserializes user input provided via the settings, which could allow high privilege users such as admin to perform PHP Object Injection when a suitable gadget is present...
CVE-2023-1650 ChatBot < 4.4.7 - Unauthenticated PHP Object Injection
The AI ChatBot WordPress plugin before 4.4.7 unserializes user input from cookies via an AJAX action available to unauthenticated users, which could allow them to perform PHP Object Injection when a suitable gadget is present on the blog...
CVE-2023-1650
The CVE-2023-1650 entry concerns the AI ChatBot WordPress plugin (before 4.4.7). The vulnerability arises from unserializing user input stored in cookies via an AJAX action accessible to unauthenticated users, enabling PHP Object Injection if a compatible gadget is present. Affected software: Wor...
PT-2023-16916 · WordPress · Customizer Export/Import
Name of the Vulnerable Software and Affected Versions: Customizer Export/Import WordPress plugin versions prior to 0.9.6 Description: The issue allows high privilege users, such as admins, to perform PHP Object Injection when a suitable gadget is present. This is due to the plugin unserializing...
WordPress Otter - Gutenberg Block Plugin < 2.2.6 is vulnerable to PHP Object Injection
Software: Otter - Gutenberg Block; Type: Plugin; Vulnerable versions: < 2.2.6; Fixed in: 2.2.6; OWASP Top 10: A1: Injection; Classification: PHP Object Injection; CVE: CVE-2023-2288; Patch priority: High; CVSS severity: High 6.6; PSID: a3cf96ddaa2b; Credits: Alex Sanford; Required privilege...
PT-2023-17146 · WordPress · Ai Chatbot
Name of the Vulnerable Software and Affected Versions: AI ChatBot WordPress plugin versions prior to 4.4.7 Description: The issue allows unauthenticated users to perform PHP Object Injection via an AJAX action, potentially exploiting the presence of a suitable gadget on the blog. This is achieved...
CVE-2023-1196
The Advanced Custom Fields ACF Free and Pro WordPress plugins 6.x before 6.1.0 and 5.x before 5.12.5 unserialize user controllable data, which could allow users with a role of Contributor and above to perform PHP Object Injection when a suitable gadget is present...