CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2024-25100 – WordPress Coupon Referral Program Plugin <= 1.7.2 is vulnerable to PHP Object Injection
https://notcve.org/view.php?id=CVE-2024-25100
05 Feb 2024 — The Coupon Referral Program plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.7.2 via deserialization of untrusted input. • https://patchstack.com/database/vulnerability/coupon-referral-program/wordpress-coupon-referral-program-plugin-1-7-2-unauthenticated-php-object-injection-vulnerability? • CWE-502: Deserialization of Untrusted Data •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2024-0685 – Ninja Forms Contact Form <= 3.7.1 - Unauthenticated Second Order SQL Injection
https://notcve.org/view.php?id=CVE-2024-0685
01 Feb 2024 — The Ninja Forms Contact Form – The Drag and Drop Form Builder for WordPress plugin for WordPress is vulnerable to Second Order SQL Injection via the email address value submitted through forms in all versions up to, and including, 3.7.1 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. ... Ninja Forms Contact Form – The Drag and Drop Form Builder for WordPress plugin for WordPress es vulnerable a la inyección... • https://plugins.trac.wordpress.org/changeset/3028929/ninja-forms/trunk/includes/Admin/UserDataRequests.php • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2024-24797 – WordPress ERE Recently Viewed Plugin <= 1.3 is vulnerable to PHP Object Injection
https://notcve.org/view.php?id=CVE-2024-24797
31 Jan 2024 — The ERE Recently Viewed plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.3 via deserialization of untrusted input. • https://patchstack.com/database/vulnerability/ere-recently-viewed/wordpress-ere-recently-viewed-plugin-1-3-unauthenticated-php-object-injection-vulnerability? • CWE-502: Deserialization of Untrusted Data •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 1CVE-2024-1061 – HTML5 Video Player <= 2.5.24 - Unauthenticated SQL Injection via id
https://notcve.org/view.php?id=CVE-2024-1061
30 Jan 2024 — The 'HTML5 Video Player' WordPress Plugin, version < 2.5.25 is affected by an unauthenticated SQL injection vulnerability in the 'id' parameter in the 'get_view' function. El complemento de WordPress 'HTML5 Video Player', versión <2.5.25, se ve afectado por una vulnerabilidad de inyección SQL no autenticada en el parámetro 'id' de la función 'get_view'. The Html5 Video Player plugin for WordPress is vulnerable to SQL Injection via the 'id’ parameter in all versions up to, and includi... • https://www.tenable.com/security/research/tra-2024-02 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2024-23512 – WordPress ProductX – Gutenberg WooCommerce Blocks Plugin <= 3.1.4 is vulnerable to PHP Object Injection
https://notcve.org/view.php?id=CVE-2024-23512
30 Jan 2024 — The ProductX – WooCommerce Builder & Gutenberg WooCommerce Blocks plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 3.1.4 via deserialization of untrusted input from the 'wopb_wishlist' and 'wopb_compare' cookies. • https://patchstack.com/database/vulnerability/product-blocks/wordpress-productx-plugin-3-1-4-php-object-injection-vulnerability? • CWE-502: Deserialization of Untrusted Data •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2024-23513 – WordPress PropertyHive Plugin <= 2.0.5 is vulnerable to PHP Object Injection
https://notcve.org/view.php?id=CVE-2024-23513
30 Jan 2024 — The PropertyHive plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 2.0.5 via deserialization of untrusted input from the 'propertyhive_currency' cookie value. • https://patchstack.com/database/vulnerability/propertyhive/wordpress-propertyhive-plugin-2-0-5-php-object-injection-vulnerability? • CWE-502: Deserialization of Untrusted Data •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 2CVE-2023-6933 – Better Search Replace <= 1.4.4 - Unauthenticated PHP Object Injection
https://notcve.org/view.php?id=CVE-2023-6933
24 Jan 2024 — The Better Search Replace plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.4.4 via deserialization of untrusted input. ... El complemento Better Search Replace para WordPress es vulnerable a la inyección de objetos PHP en todas las versiones hasta la 1.4.4 incluida, a través de la deserialización de entradas que no son de confianza. • https://github.com/w2xim3/CVE-2023-6933 • CWE-502: Deserialization of Untrusted Data •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2024-22309 – WordPress ChatBot Plugin <= 5.1.0 is vulnerable to PHP Object Injection
https://notcve.org/view.php?id=CVE-2024-22309
19 Jan 2024 — The ChatBot with AI plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 5.1.0 via deserialization of untrusted input via the last_five_prompt cookies. • https://patchstack.com/database/vulnerability/chatbot/wordpress-ai-chatbot-plugin-5-1-0-unauthenticated-php-object-injection-vulnerability? • CWE-502: Deserialization of Untrusted Data •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2022-41990 – WordPress 3D Tag Cloud Plugin <= 3.8 is vulnerable to Cross Site Request Forgery (CSRF)
https://notcve.org/view.php?id=CVE-2022-41990
17 Jan 2024 — The 3D Tag Cloud plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.8. • https://patchstack.com/database/vulnerability/cardoza-3d-tag-cloud/wordpress-3d-tag-cloud-plugin-3-8-stored-cross-site-scripting-xss-via-cross-site-request-forgery-csrf-vulnerability? • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2024-22291 – WordPress Browser Theme Color Plugin <= 1.3 is vulnerable to Cross Site Request Forgery (CSRF)
https://notcve.org/view.php?id=CVE-2024-22291
17 Jan 2024 — The Browser Theme Color plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.3. • https://patchstack.com/database/vulnerability/browser-theme-color/wordpress-browser-theme-color-plugin-1-3-cross-site-request-forgery-csrf-vulnerability? • CWE-352: Cross-Site Request Forgery (CSRF) •