CVE-2022-3425 Google Analyticator < 6.5.6 - Admin+ PHP Object Injection

The Analyticator WordPress plugin before 6.5.6 unserializes user input provided via the settings, which could allow high-privilege users such as admin to perform PHP Object Injection when a suitable gadget is present...

CVE-2022-3374 Ocean Extra < 2.0.5 - Admin+ PHP Objection Injection

The Ocean Extra WordPress plugin before 2.0.5 unserialises the content of an imported file, which could lead to PHP object injections issues when a high privilege user import intentionally or not a malicious Customizer Styling file and a suitable gadget chain is present on the blog...

CVE-2017-18604

The sitebuilder-dynamic-components plugin through 1.0 for WordPress has PHP object injection via an AJAX request...

PT-2019-18337 · Zoneminder +3 · Zoneminder +3

Name of the Vulnerable Software and Affected Versions: ZoneMinder version 1.32.3 Description: An issue exists in the software where Reflected XSS is present in the web/skins/classic/views/plugin.php file via the pl parameter in the /zm/index.php?view=plugin API endpoint. Recommendations: For...

CVE-2018-20424

Discuz! DiscuzX 3.4, when WeChat login is enabled, allows remote attackers to delete the commonmemberwechatmp data structure via an ac=unbindmp request to plugin.php...

Wordpress Export Users to CSV 1.1.1 Plugin - CSV Injection Vulnerability

Exploit for php platform in category web applications Exploit Title: Wordpress Plugin Export Users to CSV 1.1.1 - CSV Injection Exploit Author: Javier Olmedo Website: https://hackpuntes.com Vendor: Matt Cromwell Software Link: https://wordpress.org/plugins/export-users-to-csv/ Affected Version:...