Lucene search
K

462 matches found

Prion
Prion
added 2023/01/30 9:15 p.m.18 views

Design/Logic Flaw

The Revive Old Posts WordPress plugin before 9.0.11 unserializes user input provided via the settings, which could allow high privilege users such as admin to perform PHP Object Injection when a suitable gadget is present...

5.8CVSS7.1AI score0.01046EPSS
Exploits2References1Affected Software1
NVD
NVD
added 2023/01/23 3:15 p.m.32 views

CVE-2022-4323

The Analyticator WordPress plugin before 6.5.6 unserializes user input provided via the settings, which could allow high privilege users such as admin to perform PHP Object Injection when a suitable gadget is present...

7.2CVSS7.1AI score0.01046EPSS
Exploits2References1
NVD
NVD
added 2023/01/23 3:15 p.m.33 views

CVE-2022-3425

The Analyticator WordPress plugin before 6.5.6 unserializes user input provided via the settings, which could allow high-privilege users such as admin to perform PHP Object Injection when a suitable gadget is present...

7.2CVSS7.2AI score0.01046EPSS
Exploits2References1
Prion
Prion
added 2023/01/23 3:15 p.m.23 views

Design/Logic Flaw

The Analyticator WordPress plugin before 6.5.6 unserializes user input provided via the settings, which could allow high privilege users such as admin to perform PHP Object Injection when a suitable gadget is present...

5.8CVSS7AI score0.01046EPSS
Exploits2References1Affected Software1
CVE
CVE
added 2023/01/23 2:31 p.m.73 views

CVE-2022-4323

CVE-2022-4323 concerns the WordPress plugin Analyticator (up to version 6.5.5; fixed in 6.5.6). The vulnerability arises because the plugin unserializes user input provided via the settings, which can enable PHP Object Injection when a suitable gadget is present. The issue can be triggered by hig...

7.2CVSS7AI score0.01046EPSS
Exploits2References1Affected Software1
OSV
OSV
added 2023/01/09 11:15 p.m.2 views

CVE-2022-4043

The WP Custom Admin Interface WordPress plugin before 7.29 unserialize user input provided via the settings, which could allow high privilege users such as admin to perform PHP Object Injection when a suitable gadget is present...

7.2CVSS5.8AI score0.17686EPSS
Exploits2References1
Prion
Prion
added 2023/01/09 11:15 p.m.17 views

Design/Logic Flaw

The Starter Templates by Kadence WP WordPress plugin before 1.2.17 unserialises the content of an imported file, which could lead to PHP object injection issues when an admin import intentionally or not a malicious file and a suitable gadget chain is present on the blog...

6.8CVSS8.8AI score0.00922EPSS
Exploits2References1Affected Software1
CVE
CVE
added 2023/01/09 10:13 p.m.74 views

CVE-2022-3679

CVE-2022-3679 affects the WordPress plugin Starter Templates by Kadence WP prior to version 1.2.17. The issue arises from unserialising the content of an imported file, enabling PHP object injection when an admin imports a malicious file and a suitable gadget chain exists on the blog. Impact is d...

8.8CVSS8.9AI score0.00922EPSS
Exploits2References1Affected Software1
Positive Technologies
Positive Technologies
added 2023/01/09 12:0 a.m.8 views

PT-2023-13350 · WordPress · Wptouch

Name of the Vulnerable Software and Affected Versions: WPtouch WordPress plugin versions prior to 4.3.45 Description: The issue arises from the unserialization of the content of an imported settings file, which could lead to PHP object injections issues when a user imports a malicious settings fi...

8.8CVSS8.7AI score0.00922EPSS
Exploits1References5
OSV
OSV
added 2023/01/02 10:15 p.m.7 views

CVE-2022-4324

The Custom Field Template WordPress plugin before 2.5.8 unserialises the content of an imported file, which could lead to PHP object injections issues when a high privilege user import intentionally or not a malicious Customizer Styling file and a suitable gadget chain is present on the blog...

7.2CVSS5.8AI score0.17686EPSS
Exploits1References1
NVD
NVD
added 2023/01/02 10:15 p.m.20 views

CVE-2022-4302

The White Label CMS WordPress plugin before 2.5 unserializes user input provided via the settings, which could allow high-privilege users such as admin to perform PHP Object Injection when a suitable gadget is present...

7.2CVSS7.2AI score0.17686EPSS
Exploits2References1
Prion
Prion
added 2023/01/02 10:15 p.m.19 views

Design/Logic Flaw

The White Label CMS WordPress plugin before 2.5 unserializes user input provided via the settings, which could allow high-privilege users such as admin to perform PHP Object Injection when a suitable gadget is present...

5.8CVSS7.1AI score0.17686EPSS
Exploits2References1Affected Software1
Cvelist
Cvelist
added 2023/01/02 9:49 p.m.28 views

CVE-2022-4324 Custom Field Template < 2.5.8 - Admin+ PHP Object Injection

The Custom Field Template WordPress plugin before 2.5.8 unserialises the content of an imported file, which could lead to PHP object injections issues when a high privilege user import intentionally or not a malicious Customizer Styling file and a suitable gadget chain is present on the blog...

7.2AI score0.17686EPSS
Exploits1References1
WPVulnDB
WPVulnDB
added 2022/12/16 12:0 a.m.17 views

Starter Templates by Kadence WP < 1.2.17 - Admin+ PHP Object Injection

The plugin unserialises the content of an imported file, which could lead to PHP object injection issues when an admin import intentionally or not a malicious file and a suitable gadget chain is present on the blog. PoC To simulate a gadget chain, put the following code in a plugin: class Evil...

8.8CVSS2.5AI score0.00922EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
added 2022/12/08 12:0 a.m.31 views

White Label CMS < 2.5 - Admin+ PHP Object Injection

The plugin unserializes user input provided via the settings, which could allow high-privilege users such as admin to perform PHP Object Injection when a suitable gadget is present. PoC To simulate a gadget chain, put the following code in a plugin: class Evil public function wakeup : void...

7.2CVSS0.5AI score0.17686EPSS
Exploits2Affected Software1
Tenable Nessus
Tenable Nessus
added 2022/11/17 12:0 a.m.29 views

Rocky Linux 8 : php:7.4 (RLSA-2022:6542)

The remote Rocky Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2022:6542 advisory. - ArchiveTar through 1.4.10 has :// filename sanitization only to address phar attacks, and thus any other stream-wrapper attack such as file:// to...

7.8CVSS7.6AI score0.84554EPSS
Exploits5References7
Tenable Nessus
Tenable Nessus
added 2022/11/10 12:0 a.m.29 views

Scientific Linux Security Update : php-pear on SL7.x (noarch) (2022:7340)

The remote Scientific Linux 7 host has a package installed that is affected by multiple vulnerabilities as referenced in the SLSA-2022:7340-1 advisory. - ArchiveTar: allows an unserialization attack because phar: is blocked but PHAR: is not blocked CVE-2020-28948 - ArchiveTar: improper filename...

7.8CVSS7.5AI score0.84554EPSS
Exploits5References4
Tenable Nessus
Tenable Nessus
added 2022/11/03 12:0 a.m.39 views

Oracle Linux 7 : php-pear (ELSA-2022-7340)

The remote Oracle Linux 7 host has a package installed that is affected by multiple vulnerabilities as referenced in the ELSA-2022-7340 advisory. 1:1.9.4-23 - update ArchiveTar to 1.4.14 CVE-2020-36193 CVE-2020-28948 CVE-2020-28949 Tenable has extracted the preceding description block directly fr...

7.8CVSS7.7AI score0.84554EPSS
Exploits5References4
Tenable Nessus
Tenable Nessus
added 2022/11/03 12:0 a.m.66 views

RHEL 7 : php-pear (RHSA-2022:7340)

The remote Redhat Enterprise Linux 7 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2022:7340 advisory. The php-pear package contains the PHP Extension and Application Repository PEAR, a framework and distribution system for reusable PHP...

7.8CVSS7.6AI score0.84554EPSS
Exploits5References9
RedHat Linux
RedHat Linux
added 2022/11/02 4:38 p.m.6 views

Archive_Tar: allows an unserialization attack because phar: is blocked but PHAR: is not blocked

ArchiveTar through 1.4.10 allows an unserialization attack because phar: is blocked but PHAR: is not blocked...

7.8CVSS5.8AI score0.47493EPSS
Exploits2References4
Rows per page
Query Builder