2 matches found
CVE-2024-13770
The CVE-2024-13770 entry concerns the Puzzles | WP Magazine / Review with Store WordPress Theme + RTL (WordPress) vulnerable to unauthenticated PHP Object Injection in all versions up to 4.2.4 via deserialization of input in the view_more_posts AJAX action. The impact is contingent on a POP chain...
CVE-2024-13769
CVE-2024-13769 – Puzzles theme (WP Magazine / Review with Store WordPress Theme + RTL) Vulnerability: Stored Cross-Site Scripting due to a missing capability check on the theme_options_ajax_post_action AJAX action. Affected versions: all versions up to and including 4.2.4. Impact: Authenticated a...