3587 matches found

OSV
added 2019/01/15 4:29 p.m. | 20 views

CVE-2018-20718

In Pydio before 8.2.2, an attack is possible via PHP Object Injection because a user is allowed to use the $phpserial$a:0: syntax to store a preference. An attacker either needs a "public link" of a file, or access to any unprivileged user account for creation of such a link...

9.8 CVSS | 7.2 AI score
Exploits: 0 | References: 1
OSV
added 2019/01/15 4:29 p.m. | 14 views

CVE-2017-18356

In the Automattic WooCommerce plugin before 3.2.4 for WordPress, an attack is possible after gaining access to the target site with a user account that has at least Shop manager privileges. The attacker then constructs a specifically crafted string that will turn into a PHP object injection...

8.8 CVSS | 7 AI score
Exploits: 0 | References: 2
CVE
added 2019/01/15 4:0 p.m. | 63 views

CVE-2018-20718

In Pydio Core before 8.2.2, a PHP Object Injection vulnerability exists via the $phpserial$a:0:{} syntax used when storing a user preference. An attacker requires either a public link to a file or access to an unprivileged user account to create such a link. The issue is rated CRITICAL (CVSSv3: 9...

10 CVSS | 9.5 AI score | 0.09386 EPSS
Exploits: 1 | References: 1 | Affected Software: 1
CVE
added 2019/01/15 4:0 p.m. | 67 views

CVE-2017-18356

Summary: CVE-2017-18356 affects the WordPress WooCommerce plugin prior to 3.2.4. The issue is a PHP object injection in WC_Shortcode_Products::get_products() triggered via crafted strings in shortcodes, enabled after an attacker with at least Shop Manager privileges gains access to the target sit...

8.8 CVSS | 8.7 AI score | 0.01567 EPSS
Exploits: 1 | References: 2 | Affected Software: 1
Cvelist
added 2019/01/15 4:0 p.m. | 22 views

CVE-2018-20718

In Pydio before 8.2.2, an attack is possible via PHP Object Injection because a user is allowed to use the $phpserial$a:0: syntax to store a preference. An attacker either needs a "public link" of a file, or access to any unprivileged user account for creation of such a link...

9.7 AI score | 0.09386 EPSS
Exploits: 1 | References: 1
Tenable Nessus
added 2018/12/17 12:0 a.m. | 16 views

WordPress 4.3.x < 4.3.18 Multiple Vulnerabilities

According to its self-reported version number, the detected WordPress application is affected by multiple vulnerabilities : - Authors could alter meta data to delete files that they weren't authorized to. - Authors could create posts of unauthorized types with specially crafted input. -...

9.8 CVSS | 7.4 AI score | 0.54862 EPSS
Exploits: 1 | References: 9
Tenable Nessus
added 2018/12/17 12:0 a.m. | 16 views

WordPress 4.6.x < 4.6.13 Multiple Vulnerabilities

According to its self-reported version number, the detected WordPress application is affected by multiple vulnerabilities : - Authors could alter meta data to delete files that they weren't authorized to. - Authors could create posts of unauthorized types with specially crafted input. -...

9.8 CVSS | 7.4 AI score | 0.54862 EPSS
Exploits: 1 | References: 9
Tenable Nessus
added 2018/12/17 12:0 a.m. | 20 views

WordPress 3.8.x < 3.8.28 Multiple Vulnerabilities

According to its self-reported version number, the detected WordPress application is affected by multiple vulnerabilities : - Authors could alter meta data to delete files that they weren't authorized to. - Authors could create posts of unauthorized types with specially crafted input. -...

9.8 CVSS | 7.4 AI score | 0.54862 EPSS
Exploits: 1 | References: 9
Tenable Nessus
added 2018/12/17 12:0 a.m. | 23 views

WordPress 4.9.x < 4.9.9 Multiple Vulnerabilities

According to its self-reported version number, the detected WordPress application is affected by multiple vulnerabilities : - Authors could alter meta data to delete files that they weren't authorized to. - Authors could create posts of unauthorized types with specially crafted input. -...

9.8 CVSS | 7.4 AI score | 0.54862 EPSS
Exploits: 1 | References: 9
Tenable Nessus
added 2018/12/17 12:0 a.m. | 16 views

WordPress 3.7.x < 3.7.28 Multiple Vulnerabilities

According to its self-reported version number, the detected WordPress application is affected by multiple vulnerabilities : - Authors could alter meta data to delete files that they weren't authorized to. - Authors could create posts of unauthorized types with specially crafted input. -...

9.8 CVSS | 7.4 AI score | 0.54862 EPSS
Exploits: 1 | References: 9
Tenable Nessus
added 2018/12/17 12:0 a.m. | 15 views

WordPress 4.5.x < 4.5.16 Multiple Vulnerabilities

According to its self-reported version number, the detected WordPress application is affected by multiple vulnerabilities : - Authors could alter meta data to delete files that they weren't authorized to. - Authors could create posts of unauthorized types with specially crafted input. -...

9.8 CVSS | 7.4 AI score | 0.54862 EPSS
Exploits: 1 | References: 9
Tenable Nessus
added 2018/12/17 12:0 a.m. | 11 views

WordPress 4.7.x < 4.7.12 Multiple Vulnerabilities

According to its self-reported version number, the detected WordPress application is affected by multiple vulnerabilities : - Authors could alter meta data to delete files that they weren't authorized to. - Authors could create posts of unauthorized types with specially crafted input. -...

9.8 CVSS | 7.4 AI score | 0.54862 EPSS
Exploits: 1 | References: 9
OpenVAS
added 2018/12/17 12:0 a.m. | 53 views

WordPress Multiple Vulnerabilities (Dec 2018) - Windows

WordPress is prone to multiple vulnerabilities. Copyright (C) 2018 Greenbone Networks GmbH Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

9.8 CVSS | 6.4 AI score | 0.54862 EPSS
Exploits: 1 | References: 2
OpenVAS
added 2018/12/17 12:0 a.m. | 51 views

WordPress Multiple Vulnerabilities (Dec 2018) - Linux

WordPress is prone to multiple vulnerabilities. Copyright (C) 2018 Greenbone Networks GmbH Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

9.8 CVSS | 6.4 AI score | 0.54862 EPSS
Exploits: 1 | References: 2
Tenable Nessus
added 2018/12/17 12:0 a.m. | 11 views

WordPress 4.4.x < 4.4.17 Multiple Vulnerabilities

According to its self-reported version number, the detected WordPress application is affected by multiple vulnerabilities : - Authors could alter meta data to delete files that they weren't authorized to. - Authors could create posts of unauthorized types with specially crafted input. -...

9.8 CVSS | 7.4 AI score | 0.54862 EPSS
Exploits: 1 | References: 9
Tenable Nessus
added 2018/12/17 12:0 a.m. | 18 views

WordPress 3.9.x < 3.9.26 Multiple Vulnerabilities

According to its self-reported version number, the detected WordPress application is affected by multiple vulnerabilities : - Authors could alter meta data to delete files that they weren't authorized to. - Authors could create posts of unauthorized types with specially crafted input. -...

9.8 CVSS | 7.4 AI score | 0.54862 EPSS
Exploits: 1 | References: 9
Tenable Nessus
added 2018/12/17 12:0 a.m. | 11 views

WordPress 4.0.x < 4.0.25 Multiple Vulnerabilities

According to its self-reported version number, the detected WordPress application is affected by multiple vulnerabilities : - Authors could alter meta data to delete files that they weren't authorized to. - Authors could create posts of unauthorized types with specially crafted input. -...

9.8 CVSS | 7.4 AI score | 0.54862 EPSS
Exploits: 1 | References: 9
Tenable Nessus
added 2018/12/17 12:0 a.m. | 13 views

WordPress 4.8.x < 4.8.8 Multiple Vulnerabilities

According to its self-reported version number, the detected WordPress application is affected by multiple vulnerabilities : - Authors could alter meta data to delete files that they weren't authorized to. - Authors could create posts of unauthorized types with specially crafted input. -...

9.8 CVSS | 7.4 AI score | 0.54862 EPSS
Exploits: 1 | References: 9
Tenable Nessus
added 2018/12/17 12:0 a.m. | 28 views

WordPress 5.0.x < 5.0.1 Multiple Vulnerabilities

According to its self-reported version number, the detected WordPress application is affected by multiple vulnerabilities : - Authors could alter meta data to delete files that they weren't authorized to. - Authors could create posts of unauthorized types with specially crafted input. -...

9.8 CVSS | 7.4 AI score | 0.54862 EPSS
Exploits: 1 | References: 9
UbuntuCve
added 2018/12/14 8:29 p.m. | 33 views

CVE-2018-20148

In WordPress before 4.9.9 and 5.x before 5.0.1, contributors could conduct PHP object injection attacks via crafted metadata in a wp.getMediaItem XMLRPC call. This is caused by mishandling of serialized data at phar:// URLs in the wp_get_attachment_thumb_file function in wp-includes/post.php...

9.8 CVSS | 7.2 AI score | 0.54862 EPSS
Exploits: 1 | References: 2