3587 matches found
Design/Logic Flaw
The Kadence WooCommerce Email Designer WordPress plugin before 1.5.7 unserialises the content of an imported file, which could lead to PHP object injections issues when an admin import intentionally or not a malicious file and a suitable gadget chain is present on the blog...
CVE-2022-3335 Kadence WooCommerce Email Designer < 1.5.7 - Admin+ PHP Objection Injection
The Kadence WooCommerce Email Designer WordPress plugin before 1.5.7 unserialises the content of an imported file, which could lead to PHP object injections issues when an admin import intentionally or not a malicious file and a suitable gadget chain is present on the blog...
CVE-2022-3335 Kadence WooCommerce Email Designer < 1.5.7 - Admin+ PHP Objection Injection
The Kadence WooCommerce Email Designer WordPress plugin before 1.5.7 unserialises the content of an imported file, which could lead to PHP object injections issues when an admin import intentionally or not a malicious file and a suitable gadget chain is present on the blog...
PT-2022-21774 · WordPress · Kadence Woocommerce Email Designer
Name of the Vulnerable Software and Affected Versions: Kadence WooCommerce Email Designer WordPress plugin versions prior to 1.5.7 Description: The issue arises from the unserialization of the content of an imported file, potentially leading to PHP object injections when an admin imports a...
WordPress plugin Kadence WooCommerce Email Designer 代码问题漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A code issue vulnerability...
Easy WP SMTP < 1.5.0 - Admin+ PHP Objection Injection
The plugin unserialises the content of an imported file, which could lead to PHP object injection issue when an admin import intentionally or not a malicious file and a suitable gadget chain is present on the blog. PoC To simulate a gadget chain, put the following code in a plugin class Evil publ...
Smart Slider 3 < 3.5.1.11 - PHP Object Injection
The plugin unserialises the content of an imported file, which could lead to PHP object injection issues when a user import intentionally or not a malicious file, and a suitable gadget chain is present on the site. PoC To simulate a gadget chain, put the following code in a plugin class Evil publ...
Smart Slider 3 < 3.5.1.11 - PHP Object Injection
The plugin unserialises the content of an imported file, which could lead to PHP object injection issues when a user import intentionally or not a malicious file, and a suitable gadget chain is present on the site. To simulate a gadget chain, put the following code in a plugin class Evil public...
WordPress Smart Slider 3 plugin <= 3.5.1.9 - PHP Object Injection vulnerability
PHP Object Injection vulnerability discovered by Nguyen Duy Quoc Khanh in WordPress Smart Slider 3 plugin versions = 3.5.1.9. Solution Update the WordPress Smart Slider 3 plugin to the latest available version at least 3.5.1.11...
Ocean Extra < 2.0.5 - Admin+ PHP Objection Injection
The plugin unserialises the content of an imported file, which could lead to PHP object injections issues when a high privilege user import intentionally or not a malicious Customizer Styling file and a suitable gadget chain is present on the blog. PoC To simulate a gadget chain, put the followin...
LearnPress < 4.1.7.2 - Unauthenticated PHP Object Injection via REST API
The plugin unserialises user input in a REST API endpoint available to unauthenticated users, which could lead to PHP Object Injection when a suitable gadget is present, leadint to remote code execution RCE. To successfully exploit this vulnerability attackers must have knowledge of the site...
WordPress LearnPress plugin <= 4.1.7.1 - Unauthenticated PHP Object Injection vulnerability
Unauthenticated PHP Object Injection vulnerability via REST API discovered by Nguyen Duy Quoc Khanh in the WordPress LearnPress plugin versions = 4.1.7.1. Solution Update the WordPress LearnPress plugin to the latest available version at least 4.1.7.2...
LearnPress < 4.1.7.2 - Unauthenticated PHP Object Injection via REST API
The plugin unserialises user input in a REST API endpoint available to unauthenticated users, which could lead to PHP Object Injection when a suitable gadget is present, leadint to remote code execution RCE. To successfully exploit this vulnerability attackers must have knowledge of the site...
CVE-2022-2903
The Ninja Forms Contact Form WordPress plugin before 3.6.13 unserialises the content of an imported file, which could lead to PHP object injections issues when an admin import intentionally or not a malicious file and a suitable gadget chain is present on the blog...
Design/Logic Flaw
The Ninja Forms Contact Form WordPress plugin before 3.6.13 unserialises the content of an imported file, which could lead to PHP object injections issues when an admin import intentionally or not a malicious file and a suitable gadget chain is present on the blog...
CVE-2022-2903 NinjaForms < 3.6.13 - Admin+ PHP Objection Injection
The Ninja Forms Contact Form WordPress plugin before 3.6.13 unserialises the content of an imported file, which could lead to PHP object injections issues when an admin import intentionally or not a malicious file and a suitable gadget chain is present on the blog...
CVE-2022-2903
The CVE-2022-2903 entry corresponds to the WordPress Ninja Forms Contact Form plugin (versions before 3.6.13). The vulnerability is described as insecure deserialization: importing a malicious file can lead to PHP object injection if a suitable gadget chain exists on the site. Impact is documente...
CVE-2022-2903 NinjaForms < 3.6.13 - Admin+ PHP Objection Injection
The Ninja Forms Contact Form WordPress plugin before 3.6.13 unserialises the content of an imported file, which could lead to PHP object injections issues when an admin import intentionally or not a malicious file and a suitable gadget chain is present on the blog...
CVE-2022-33900
PHP Object Injection vulnerability in Easy Digital Downloads plugin = 3.0.1 at WordPress...
CVE-2022-33900
PHP Object Injection vulnerability in Easy Digital Downloads plugin = 3.0.1 at WordPress...