Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in
InstawpString Locator

3 matches found

CVE
CVEadded 2022/09/06 5:18 p.m.64 views

CVE-2022-2434

The CVE-2022-2434 entry affects the WordPress String Locator plugin (versions up to and including 2.5.0). The underlying issue is deserialization of untrusted input via the string-locator-path parameter, which can allow a PHAR-based call to arbitrary PHP objects when an action is triggered (e.g.,...

8.8CVSS8.6AI score0.01207EPSS
CVE
CVEadded 2025/01/21 8:21 a.m.63 views

CVE-2024-10936

CVE-2024-10936 relates to the WordPress String Locator plugin (versions up to 2.6.6). The vulnerability enables unauthenticated PHP Object Injection via deserialization in the recursive_unserialize_replace function. If a POP chain exists through another plugin/theme, an attacker could delete arbi...

8.8CVSS8.9AI score0.01088EPSS
CVE
CVEadded 2024/08/24 2:2 a.m.50 views

CVE-2023-6987

CVE-2023-6987 affects the WordPress plugin String locator. It is a reflected XSS vulnerability triggered by the sql-column parameter in all versions up to and including 2.6.5, due to insufficient input sanitization and output escaping. Exploitation requires WP_DEBUG to be enabled and allows an un...

6.1CVSS6AI score0.0029EPSS