
7 matches found

CNVD
added 2021/12/18 12:0 a.m., 15 views

WordPress ToTop Link plugin code problem vulnerability

WordPress is a blogging platform from the WordPress Foundation, developed in PHP. ToTop Link Plugin is an open source WordPress plugin. WordPress ToTop Link Plugin has a code issue vulnerability in versions prior to 1.7.1, which stems from the plugin passing...

CVSS 9.8, AI score 3.2, EPSS 0.01841
Exploits: 2, References: 1

OSV
added 2021/12/13 11:15 a.m., 5 views

CVE-2021-24857

The ToTop Link WordPress plugin through 1.7.1 passes base64 encoded user input to the unserialize PHP function, which could lead to PHP Object injection if a plugin installed on the blog has a suitable gadget chain...

CVSS 9.8, AI score 5.8
Exploits: 0, References: 1

CVE
added 2021/12/13 10:41 a.m., 39 views

CVE-2021-24857

The CVE refers to the WordPress ToTop Link plugin (versions

CVSS 9.8, AI score 9.7, EPSS 0.01841
Exploits: 2, References: 1, Affected Software: 1

Cvelist
added 2021/12/13 10:41 a.m., 10 views

CVE-2021-24857 ToTop Link <= 1.7.1 - Unauthenticated PHP Object Injection

The ToTop Link WordPress plugin through 1.7.1 passes base64 encoded user input to the unserialize PHP function, which could lead to PHP Object injection if a plugin installed on the blog has a suitable gadget chain...

AI score 9.8, EPSS 0.01841
Exploits: 2, References: 1

CNNVD
added 2021/12/13 12:0 a.m., 7 views

WordPress plugin code issue vulnerability

WordPress is a blogging platform from the WordPress Foundation, developed in PHP. ToTop Link Plugin is an open source WordPress plugin. WordPress ToTop Link Plugin has a code issue vulnerability in versions prior to 1.7.1, which stems from the plugin passing...

CVSS 9.8, AI score 6.3, EPSS 0.01841
Exploits: 2, References: 2

wpexploit
added 2021/11/15 12:0 a.m., 167 views

ToTop Link <= 1.7.1 - Unauthenticated PHP Object Injection

The plugin passes base64 encoded user input to the unserialize PHP function, which could lead to PHP Object injection if a plugin installed on the blog has a suitable gadget chain. https://example.com/wp-content/plugins/totop-link/trunk/totop-link.css.php?vars=base64encodedpayload...

CVSS 9.8, AI score 9.4, EPSS 0.01841
Exploits: 2

Patchstack
added 2021/11/15 12:0 a.m., 14 views

WordPress ToTop Link plugin <= 1.7.1 - Unauthenticated PHP Object Injection vulnerability

Unauthenticated PHP Object Injection vulnerability discovered by Muhammed Kara in WordPress ToTop Link plugin versions <= 1.7.1. Solution: Deactivate and delete. This plugin has been closed as of October 21, 2021 and is not available for download. This closure is temporary, pending a full review...

CVSS 9.8, AI score 3, EPSS 0.01841
Exploits: 2, References: 3, Affected Software: 1