462 matches found
Design/Logic Flaw
The Revive Old Posts WordPress plugin before 9.0.11 unserializes user input provided via the settings, which could allow high privilege users such as admin to perform PHP Object Injection when a suitable gadget is present...
CVE-2022-4323
The Analyticator WordPress plugin before 6.5.6 unserializes user input provided via the settings, which could allow high privilege users such as admin to perform PHP Object Injection when a suitable gadget is present...
CVE-2022-3425
The Analyticator WordPress plugin before 6.5.6 unserializes user input provided via the settings, which could allow high-privilege users such as admin to perform PHP Object Injection when a suitable gadget is present...
Design/Logic Flaw
The Analyticator WordPress plugin before 6.5.6 unserializes user input provided via the settings, which could allow high privilege users such as admin to perform PHP Object Injection when a suitable gadget is present...
CVE-2022-4323
CVE-2022-4323 concerns the WordPress plugin Analyticator (up to version 6.5.5; fixed in 6.5.6). The vulnerability arises because the plugin unserializes user input provided via the settings, which can enable PHP Object Injection when a suitable gadget is present. The issue can be triggered by hig...
CVE-2022-4043
The WP Custom Admin Interface WordPress plugin before 7.29 unserialize user input provided via the settings, which could allow high privilege users such as admin to perform PHP Object Injection when a suitable gadget is present...
Design/Logic Flaw
The Starter Templates by Kadence WP WordPress plugin before 1.2.17 unserialises the content of an imported file, which could lead to PHP object injection issues when an admin import intentionally or not a malicious file and a suitable gadget chain is present on the blog...
CVE-2022-3679
CVE-2022-3679 affects the WordPress plugin Starter Templates by Kadence WP prior to version 1.2.17. The issue arises from unserialising the content of an imported file, enabling PHP object injection when an admin imports a malicious file and a suitable gadget chain exists on the blog. Impact is d...
PT-2023-13350 · WordPress · Wptouch
Name of the Vulnerable Software and Affected Versions: WPtouch WordPress plugin versions prior to 4.3.45 Description: The issue arises from the unserialization of the content of an imported settings file, which could lead to PHP object injections issues when a user imports a malicious settings fi...
CVE-2022-4324
The Custom Field Template WordPress plugin before 2.5.8 unserialises the content of an imported file, which could lead to PHP object injections issues when a high privilege user import intentionally or not a malicious Customizer Styling file and a suitable gadget chain is present on the blog...
CVE-2022-4302
The White Label CMS WordPress plugin before 2.5 unserializes user input provided via the settings, which could allow high-privilege users such as admin to perform PHP Object Injection when a suitable gadget is present...
Design/Logic Flaw
The White Label CMS WordPress plugin before 2.5 unserializes user input provided via the settings, which could allow high-privilege users such as admin to perform PHP Object Injection when a suitable gadget is present...
CVE-2022-4324 Custom Field Template < 2.5.8 - Admin+ PHP Object Injection
The Custom Field Template WordPress plugin before 2.5.8 unserialises the content of an imported file, which could lead to PHP object injections issues when a high privilege user import intentionally or not a malicious Customizer Styling file and a suitable gadget chain is present on the blog...
Starter Templates by Kadence WP < 1.2.17 - Admin+ PHP Object Injection
The plugin unserialises the content of an imported file, which could lead to PHP object injection issues when an admin import intentionally or not a malicious file and a suitable gadget chain is present on the blog. PoC To simulate a gadget chain, put the following code in a plugin: class Evil...
White Label CMS < 2.5 - Admin+ PHP Object Injection
The plugin unserializes user input provided via the settings, which could allow high-privilege users such as admin to perform PHP Object Injection when a suitable gadget is present. PoC To simulate a gadget chain, put the following code in a plugin: class Evil public function wakeup : void...
Rocky Linux 8 : php:7.4 (RLSA-2022:6542)
The remote Rocky Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2022:6542 advisory. - ArchiveTar through 1.4.10 has :// filename sanitization only to address phar attacks, and thus any other stream-wrapper attack such as file:// to...
Scientific Linux Security Update : php-pear on SL7.x (noarch) (2022:7340)
The remote Scientific Linux 7 host has a package installed that is affected by multiple vulnerabilities as referenced in the SLSA-2022:7340-1 advisory. - ArchiveTar: allows an unserialization attack because phar: is blocked but PHAR: is not blocked CVE-2020-28948 - ArchiveTar: improper filename...
Oracle Linux 7 : php-pear (ELSA-2022-7340)
The remote Oracle Linux 7 host has a package installed that is affected by multiple vulnerabilities as referenced in the ELSA-2022-7340 advisory. 1:1.9.4-23 - update ArchiveTar to 1.4.14 CVE-2020-36193 CVE-2020-28948 CVE-2020-28949 Tenable has extracted the preceding description block directly fr...
RHEL 7 : php-pear (RHSA-2022:7340)
The remote Redhat Enterprise Linux 7 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2022:7340 advisory. The php-pear package contains the PHP Extension and Application Repository PEAR, a framework and distribution system for reusable PHP...
Archive_Tar: allows an unserialization attack because phar: is blocked but PHAR: is not blocked
ArchiveTar through 1.4.10 allows an unserialization attack because phar: is blocked but PHAR: is not blocked...