2 matches found
CVE-2026-7637 Boost <= 2.0.3 - Unauthenticated PHP Object Injection via STYXKEY-BOOST_USER_LOCATION Cookie
The Boost plugin for WordPress is vulnerable to PHP Object Injection in versions up to, and including, 2.0.3 via deserialization of untrusted input in the STYXKEY-BOOSTUSERLOCATION cookie. This makes it possible for unauthenticated attackers to inject a PHP Object. No known POP chain is present i...
CVE-2026-7637 Boost <= 2.0.3 - Unauthenticated PHP Object Injection via STYXKEY-BOOST_USER_LOCATION Cookie
The Boost plugin for WordPress is vulnerable to PHP Object Injection in versions up to, and including, 2.0.3 via deserialization of untrusted input in the STYXKEY-BOOSTUSERLOCATION cookie. This makes it possible for unauthenticated attackers to inject a PHP Object. No known POP chain is present i...