1 results (0.003 seconds)

CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0

Deserialization of Untrusted Data vulnerability in TAKETIN TAKETIN To WP Membership allows Object Injection.This issue affects TAKETIN To WP Membership: from n/a through 2.8.0. La vulnerabilidad de deserialización de datos no confiables en TAKETIN TAKETIN To WP Membership permite la inyección de objetos. Este problema afecta a TAKETIN To WP Membership: desde n/a hasta 2.8.0. The TAKETIN To WP Membership plugin for WordPress is vulnerable to PHP Object Injection in versions up to, and including, 2.8.1 via deserialization of untrusted input. This makes it possible for authenticated attackers, with subscriber-level access and above, to inject a PHP Object. • https://patchstack.com/database/vulnerability/taketin-to-wp-membership/wordpress-taketin-to-wp-membership-plugin-2-8-0-php-object-injection-vulnerability?_s_id=cve • CWE-502: Deserialization of Untrusted Data •