Vulnerabilities > Deserialization of Untrusted Data
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-08-31 | CVE-2024-7435 | The Attire theme for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 2.0.6 via deserialization of untrusted input. | 8.8 |
| 2024-08-30 | CVE-2024-8016 | Deserialization of Untrusted Data vulnerability in Theeventscalendar Events Calendar PRO The Events Calendar Pro plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 7.0.2 via deserialization of untrusted input from the 'filters' parameter in widgets. | 7.2 |
| 2024-08-30 | CVE-2024-2694 | Deserialization of Untrusted Data vulnerability in Muffingroup Betheme 26.5.1.4/26.6/26.6.1 The Betheme theme for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 27.5.6 via deserialization of untrusted input of the 'mfn-page-items' post meta value. | 8.8 |
| 2024-08-29 | CVE-2024-8255 | Deserialization of Untrusted Data vulnerability in Deltaww DTN Soft Delta Electronics DTN Soft version 2.0.1 and prior are vulnerable to an attacker achieving remote code execution through a deserialization of untrusted data vulnerability. | 9.8 |
| 2024-08-29 | CVE-2024-43931 | Deserialization of Untrusted Data vulnerability in Eyecix Jobsearch WP JOB Board 1.5.1/1.7.4 Deserialization of Untrusted Data vulnerability in eyecix JobSearch allows Object Injection.This issue affects JobSearch: from n/a through 2.5.3. | 9.8 |
| 2024-08-29 | CVE-2022-2440 | The Theme Editor plugin for WordPress is vulnerable to deserialization of untrusted input via the 'images_array' parameter in versions up to, and including 2.8. | 7.2 |
| 2024-08-24 | CVE-2024-7351 | Deserialization of Untrusted Data vulnerability in Presstigers Simple JOB Board The Simple Job Board plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 2.12.3 via deserialization of untrusted input when editing job applications. | 7.2 |
| 2024-08-20 | CVE-2024-42362 | Deserialization of Untrusted Data vulnerability in Apache Hertzbeat Hertzbeat is an open source, real-time monitoring system. | 8.8 |
| 2024-08-20 | CVE-2024-8003 | Deserialization of Untrusted Data vulnerability in Gotribe Gotribe-Admin 1.0 A vulnerability was found in Go-Tribe gotribe-admin 1.0 and classified as problematic. | 9.8 |
| 2024-08-20 | CVE-2024-5932 | Deserialization of Untrusted Data vulnerability in Givewp The GiveWP – Donation Plugin and Fundraising Platform plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 3.14.1 via deserialization of untrusted input from the 'give_title' parameter. | 9.8 |