Vulnerabilities > Deserialization of Untrusted Data
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-06-07 | CVE-2020-36718 | Deserialization of Untrusted Data vulnerability in Ninjateam Gpdr Ccpa Compliance Support The GDPR CCPA Compliance Support plugin for WordPress is vulnerable to PHP Object Injection in versions up to, and including, 2.3 via deserialization of untrusted input "njt_gdpr_allow_permissions" value. | 9.8 |
| 2023-06-07 | CVE-2020-36726 | Deserialization of Untrusted Data vulnerability in Etoilewebdesign Ultimate Reviews The Ultimate Reviews plugin for WordPress is vulnerable to PHP Object Injection in versions up to, and including, 2.1.32 via deserialization of untrusted input in several vulnerable functions. | 9.8 |
| 2023-06-07 | CVE-2020-36727 | Deserialization of Untrusted Data vulnerability in Xyzscripts Newsletter Manager The Newsletter Manager plugin for WordPress is vulnerable to insecure deserialization in versions up to, and including, 1.5.1. | 9.8 |
| 2023-06-01 | CVE-2023-33963 | Deserialization of Untrusted Data vulnerability in Dataease DataEase is an open source data visualization and analysis tool. | 9.8 |
| 2023-05-30 | CVE-2023-2288 | Deserialization of Untrusted Data vulnerability in Themeisle Otter The Otter WordPress plugin before 2.2.6 does not sanitize some user-controlled file paths before performing file operations on them. | 8.8 |
| 2023-05-25 | CVE-2023-2500 | Deserialization of Untrusted Data vulnerability in Granthweb GO Pricing The Go Pricing - WordPress Responsive Pricing Tables plugin for WordPress is vulnerable to PHP Object Injection in versions up to, and including, 3.3.19 via deserialization of untrusted input from the 'go_pricing' shortcode 'data' parameter. | 8.8 |
| 2023-05-24 | CVE-2022-4815 | Deserialization of Untrusted Data vulnerability in Hitachi products Hitachi Vantara Pentaho Business Analytics Server versions before 9.4.0.1 and 9.3.0.3, including 8.3.x deserialize untrusted JSON data without constraining the parser to approved classes and methods. | 8.8 |
| 2023-05-23 | CVE-2023-27068 | Deserialization of Untrusted Data vulnerability in Sitecore Experience Platform Deserialization of Untrusted Data in Sitecore Experience Platform through 10.2 allows remote attackers to run arbitrary code via ValidationResult.aspx. | 9.8 |
| 2023-05-16 | CVE-2023-31890 | Deserialization of Untrusted Data vulnerability in Glazedlists Glazed Lists 1.11.0 An XML Deserialization vulnerability in glazedlists v1.11.0 allows an attacker to execute arbitrary code via the BeanXMLByteCoder.decode() parameter. | 9.8 |
| 2023-05-12 | CVE-2023-20878 | Deserialization of Untrusted Data vulnerability in VMWare Cloud Foundation and Vrealize Operations VMware Aria Operations contains a deserialization vulnerability. | 7.2 |