2 matches found
CVE-2024-10936
CVE-2024-10936 relates to the WordPress String Locator plugin (versions up to 2.6.6). The vulnerability enables unauthenticated PHP Object Injection via deserialization in the recursive_unserialize_replace function. If a POP chain exists through another plugin/theme, an attacker could delete arbi...
CVE-2023-6987
CVE-2023-6987 affects the WordPress plugin String locator. It is a reflected XSS vulnerability triggered by the sql-column parameter in all versions up to and including 2.6.5, due to insufficient input sanitization and output escaping. Exploitation requires WP_DEBUG to be enabled and allows an un...