Vulnerabilities > Deserialization of Untrusted Data
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2022-10-31 | CVE-2022-3360 | Deserialization of Untrusted Data vulnerability in Thimpress Learnpress. The LearnPress WordPress plugin before 4.1.7.2 unserialises user input in a REST API endpoint available to unauthenticated users, which could lead to PHP Object Injection when a suitable gadget is present, leading to remote code execution (RCE). | 8.1 |
2022-10-31 | CVE-2022-3366 | Deserialization of Untrusted Data vulnerability in Publishpress Capabilities. The PublishPress Capabilities WordPress plugin before 2.5.2, PublishPress Capabilities Pro WordPress plugin before 2.5.2 unserializes the content of imported files, which could lead to PHP object injection attacks by administrators, on multisite WordPress configurations. | 7.2 |
2022-10-31 | CVE-2022-3374 | Deserialization of Untrusted Data vulnerability in Oceanwp Ocean Extra. The Ocean Extra WordPress plugin before 2.0.5 unserialises the content of an imported file, which could lead to PHP object injection issues when a high-privilege user imports (intentionally or not) a malicious Customizer Styling file and a suitable gadget chain is present on the blog. | 7.2 |
2022-10-31 | CVE-2022-3380 | Deserialization of Untrusted Data vulnerability in Wpbeaverbuilder Customizer Export/Import. The Customizer Export/Import WordPress plugin before 0.9.5 unserializes the content of an imported file, which could lead to PHP object injection issues when an admin imports (intentionally or not) a malicious file and a suitable gadget chain is present on the blog. | 7.2 |
2022-10-26 | CVE-2022-39944 | Deserialization of Untrusted Data vulnerability in Apache Linkis. In Apache Linkis <=1.2.0 when used with the MySQL Connector/J, a deserialization vulnerability with possible remote code execution impact exists when an attacker has write access to a database and configures a JDBC EC with a MySQL data source and malicious parameters. | 8.8 |
2022-10-26 | CVE-2022-40238 | Deserialization of Untrusted Data vulnerability in Cert Vince. A Remote Code Injection vulnerability exists in CERT software prior to version 1.50.5. | 8.8 |
2022-10-25 | CVE-2022-39312 | Deserialization of Untrusted Data vulnerability in Dataease. Dataease is an open source data visualization analysis tool. | 9.8 |
2022-10-25 | CVE-2022-3335 | Deserialization of Untrusted Data vulnerability in Kadencewp Kadence Woocommerce Email Designer. The Kadence WooCommerce Email Designer WordPress plugin before 1.5.7 unserialises the content of an imported file, which could lead to PHP object injection issues when an admin imports (intentionally or not) a malicious file and a suitable gadget chain is present on the blog. | 7.2 |
2022-10-20 | CVE-2022-36957 | Deserialization of Untrusted Data vulnerability in Solarwinds Orion Platform. SolarWinds Platform was susceptible to the Deserialization of Untrusted Data. | 7.2 |
2022-10-20 | CVE-2022-36958 | Deserialization of Untrusted Data vulnerability in Solarwinds Orion Platform. SolarWinds Platform was susceptible to the Deserialization of Untrusted Data. | 8.8 |