CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2018-21005 – bbPress Move Topics <= 1.1.4 - PHP Object Injection
https://notcve.org/view.php?id=CVE-2018-21005
11 Mar 2018 — The bbp-move-topics plugin before 1.1.6 for WordPress has code injection. El plugin bbp-move-topics versiones anteriores a 1.1.6 para WordPress, presenta una inyección de código. The bbPress Move Topics plugin for WordPress is vulnerable to PHP Object Injection in versions up to, and including, 1.1.4 via deserialization of untrusted input via the 'aforums_move_topics_page()' function where it passes the decoded 'allforums' value through the 'unserialize()' function. This allows authenticated attackers to in... • https://wordpress.org/plugins/bbp-move-topics/#developers • CWE-94: Improper Control of Generation of Code ('Code Injection') CWE-502: Deserialization of Untrusted Data •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2018-21006 – bbPress Move Topics <= 1.1.4 - Cross-Site Request Forgery
https://notcve.org/view.php?id=CVE-2018-21006
11 Mar 2018 — The bbp-move-topics plugin before 1.1.6 for WordPress has CSRF. El plugin bbp-move-topics versiones anteriores a 1.1.6 para WordPress, tiene una vulnerabilidad de tipo CSRF. The bbp-move-topics plugin before 1.1.5 for WordPress has CSRF. • https://wordpress.org/plugins/bbp-move-topics/#developers • CWE-352: Cross-Site Request Forgery (CSRF) •