Vulnerabilities > Deserialization of Untrusted Data

| DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | VECTOR / COMPLEXITY | VENDOR | CWE | RISK |
|---|---|---|---|---|---|---|---|
| 2024-01-15 | CVE-2023-6049 | Deserialization of Untrusted Data vulnerability in Estatik | The Estatik Real Estate Plugin WordPress plugin before 4.1.1 unserializes user input via some of its cookies, which could allow unauthenticated users to perform PHP Object Injection when a suitable gadget chain is present on the blog. | network, low complexity | estatik | CWE-502 | critical 9.8 |
| 2024-01-09 | CVE-2023-7032 | Deserialization of Untrusted Data vulnerability in Schneider-Electric Easergy Studio | A CWE-502: Deserialization of untrusted data vulnerability exists that could allow an attacker logged in with a user level account to gain higher privileges by providing a harmful serialized object. | local, low complexity | schneider-electric | CWE-502 | 7.8 |
| 2024-01-08 | CVE-2023-52202 | Deserialization of Untrusted Data vulnerability in Svnlabs Html5 MP3 Player With Folder Feedburner Playlist Free | Deserialization of Untrusted Data vulnerability in SVNLabs Softwares HTML5 MP3 Player with Folder Feedburner Playlist Free. This issue affects HTML5 MP3 Player with Folder Feedburner Playlist Free: from n/a through 2.8.0. | network, low complexity | svnlabs | CWE-502 | 7.2 |
| 2024-01-08 | CVE-2023-52200 | Deserialization of Untrusted Data vulnerability in Reputeinfosystems Armember | Cross-Site Request Forgery (CSRF), Deserialization of Untrusted Data vulnerability in Repute Infosystems ARMember – Membership Plugin, Content Restriction, Member Levels, User Profile & User signup. This issue affects ARMember – Membership Plugin, Content Restriction, Member Levels, User Profile & User signup: n/a. | network, low complexity | reputeinfosystems | CWE-502 | critical 9.8 |
| 2024-01-08 | CVE-2023-52205 | Deserialization of Untrusted Data vulnerability in Svnlabs Html5 Soundcloud Player With Playlist Free 2.4.0/2.8.0 | Deserialization of Untrusted Data vulnerability in SVNLabs Softwares HTML5 SoundCloud Player with Playlist Free. This issue affects HTML5 SoundCloud Player with Playlist Free: from n/a through 2.8.0. | network, low complexity | svnlabs | CWE-502 | 7.2 |
| 2024-01-08 | CVE-2023-52206 | Deserialization of Untrusted Data vulnerability in Blueastral Page Builder: Live Composer | Deserialization of Untrusted Data vulnerability in Live Composer Team Page Builder: Live Composer live-composer-page-builder. This issue affects Page Builder: Live Composer: from n/a through 1.5.25. | network, low complexity | blueastral | CWE-502 | 7.2 |
| 2024-01-08 | CVE-2023-52207 | Deserialization of Untrusted Data vulnerability in Svnlabs Html5 MP3 Player With Playlist Free 2.6 | Deserialization of Untrusted Data vulnerability in SVNLabs Softwares HTML5 MP3 Player with Playlist Free. This issue affects HTML5 MP3 Player with Playlist Free: from n/a through 3.0.0. | network, low complexity | svnlabs | CWE-502 | 8.8 |
| 2024-01-08 | CVE-2023-5235 | Deserialization of Untrusted Data vulnerability in Kutethemes Ovic Responsive Wpbakery | The Ovic Responsive WPBakery WordPress plugin before 1.2.9 does not limit which options can be updated via some of its AJAX actions, which may allow attackers with a subscriber+ account to update blog options, such as 'users_can_register' and 'default_role'. | network, low complexity | kutethemes | CWE-502 | 8.8 |
| 2024-01-08 | CVE-2023-6528 | Deserialization of Untrusted Data vulnerability in Themepunch Slider Revolution 3.0.95/4.1.4/4.2.2 | The Slider Revolution WordPress plugin before 6.6.19 does not prevent users with at least the Author role from unserializing arbitrary content when importing sliders, potentially leading to Remote Code Execution. | network, low complexity | themepunch | CWE-502 | 8.8 |
| 2024-01-08 | CVE-2023-52218 | Deserialization of Untrusted Data vulnerability in Antonbond Woocommerce Tranzila Payment Gateway | Deserialization of Untrusted Data vulnerability in Anton Bond Woocommerce Tranzila Payment Gateway. This issue affects Woocommerce Tranzila Payment Gateway: from n/a through 1.0.8. | network, low complexity | antonbond | CWE-502 | critical 9.8 |