CVE-2022-47083

CVE-2022-47083 affects Spitfire CMS 1.0.475 and is a PHP Object Injection via unsafe use of unserialize(), enabling authenticated attackers to execute arbitrary code by sending crafted requests. Concrete details from multiple sources cite the vulnerability in the cms_backup_values handling (e.g.,...

CVE-2022-47083

A PHP Object Injection vulnerability in the unserialize function Spitfire CMS v1.0.475 allows authenticated attackers to execute arbitrary code via sending crafted requests to the web application...

Tiki Wiki CMS Groupware 24.1 tikiimporter_blog_wordpress.php PHP Object Injection

---------------------------------------------------------------------------------------------------- Tiki Wiki CMS Groupware input type="...

CVE-2022-4043

The WP Custom Admin Interface WordPress plugin before 7.29 unserialize user input provided via the settings, which could allow high privilege users such as admin to perform PHP Object Injection when a suitable gadget is present...

CVE-2022-4043

The WP Custom Admin Interface WordPress plugin before 7.29 unserialize user input provided via the settings, which could allow high privilege users such as admin to perform PHP Object Injection when a suitable gadget is present...

CVE-2022-3679

The Starter Templates by Kadence WP WordPress plugin before 1.2.17 unserialises the content of an imported file, which could lead to PHP object injection issues when an admin import intentionally or not a malicious file and a suitable gadget chain is present on the blog...

CVE-2022-3417

The WPtouch WordPress plugin before 4.3.45 unserialises the content of an imported settings file, which could lead to PHP object injections issues when an user import intentionally or not a malicious settings file and a suitable gadget chain is present on the blog...

CVE-2022-3417

The WPtouch WordPress plugin before 4.3.45 unserialises the content of an imported settings file, which could lead to PHP object injections issues when an user import intentionally or not a malicious settings file and a suitable gadget chain is present on the blog...

CVE-2022-3679

The Starter Templates by Kadence WP WordPress plugin before 1.2.17 unserialises the content of an imported file, which could lead to PHP object injection issues when an admin import intentionally or not a malicious file and a suitable gadget chain is present on the blog...

Design/Logic Flaw

The Starter Templates by Kadence WP WordPress plugin before 1.2.17 unserialises the content of an imported file, which could lead to PHP object injection issues when an admin import intentionally or not a malicious file and a suitable gadget chain is present on the blog...

Design/Logic Flaw

The WPtouch WordPress plugin before 4.3.45 unserialises the content of an imported settings file, which could lead to PHP object injections issues when an user import intentionally or not a malicious settings file and a suitable gadget chain is present on the blog...

Design/Logic Flaw

The WP Custom Admin Interface WordPress plugin before 7.29 unserialize user input provided via the settings, which could allow high privilege users such as admin to perform PHP Object Injection when a suitable gadget is present...

CVE-2022-3679 Starter Templates by Kadence WP < 1.2.17 - Admin+ PHP Object Injection

The Starter Templates by Kadence WP WordPress plugin before 1.2.17 unserialises the content of an imported file, which could lead to PHP object injection issues when an admin import intentionally or not a malicious file and a suitable gadget chain is present on the blog...

CVE-2022-3679 Starter Templates by Kadence WP < 1.2.17 - Admin+ PHP Object Injection

The Starter Templates by Kadence WP WordPress plugin before 1.2.17 unserialises the content of an imported file, which could lead to PHP object injection issues when an admin import intentionally or not a malicious file and a suitable gadget chain is present on the blog...

CVE-2022-3679

CVE-2022-3679 affects the WordPress plugin Starter Templates by Kadence WP prior to version 1.2.17. The issue arises from unserialising the content of an imported file, enabling PHP object injection when an admin imports a malicious file and a suitable gadget chain exists on the blog. Impact is d...

CVE-2022-3417 WPtouch < 4.3.45 - Admin+ PHP Object Injection

The WPtouch WordPress plugin before 4.3.45 unserialises the content of an imported settings file, which could lead to PHP object injections issues when an user import intentionally or not a malicious settings file and a suitable gadget chain is present on the blog...

CVE-2022-3417 WPtouch < 4.3.45 - Admin+ PHP Object Injection

The WPtouch WordPress plugin before 4.3.45 unserialises the content of an imported settings file, which could lead to PHP object injections issues when an user import intentionally or not a malicious settings file and a suitable gadget chain is present on the blog...

CVE-2022-4043 WP Custom Admin Interface < 7.29 - Admin+ PHP Object Injection

The WP Custom Admin Interface WordPress plugin before 7.29 unserialize user input provided via the settings, which could allow high privilege users such as admin to perform PHP Object Injection when a suitable gadget is present...

CVE-2022-4043 WP Custom Admin Interface < 7.29 - Admin+ PHP Object Injection

The WP Custom Admin Interface WordPress plugin before 7.29 unserialize user input provided via the settings, which could allow high privilege users such as admin to perform PHP Object Injection when a suitable gadget is present...

PT-2023-13501 · Kadence Wp · The Starter Templates By Kadence Wp

Name of the Vulnerable Software and Affected Versions: The Starter Templates by Kadence WP WordPress plugin versions prior to 1.2.17 Description: The issue arises from the unserialization of the content of an imported file, potentially leading to PHP object injection issues. This can occur when a...