Vulnerabilities > Deserialization of Untrusted Data
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-08-30 | CVE-2024-2694 | Deserialization of Untrusted Data vulnerability in Muffingroup Betheme 26.5.1.4/26.6/26.6.1 The Betheme theme for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 27.5.6 via deserialization of untrusted input of the 'mfn-page-items' post meta value. | 8.8 |
| 2024-08-29 | CVE-2024-8255 | Deserialization of Untrusted Data vulnerability in Deltaww DTN Soft Delta Electronics DTN Soft version 2.0.1 and prior are vulnerable to an attacker achieving remote code execution through a deserialization of untrusted data vulnerability. | 9.8 |
| 2024-08-29 | CVE-2024-43931 | Deserialization of Untrusted Data vulnerability in Eyecix Jobsearch WP JOB Board 1.5.1/1.7.4 Deserialization of Untrusted Data vulnerability in eyecix JobSearch allows Object Injection.This issue affects JobSearch: from n/a through 2.5.3. | 9.8 |
| 2024-08-29 | CVE-2022-2440 | The Theme Editor plugin for WordPress is vulnerable to deserialization of untrusted input via the 'images_array' parameter in versions up to, and including 2.8. | 7.2 |
| 2024-08-24 | CVE-2024-7351 | Deserialization of Untrusted Data vulnerability in Presstigers Simple JOB Board The Simple Job Board plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 2.12.3 via deserialization of untrusted input when editing job applications. | 7.2 |
| 2024-08-20 | CVE-2024-42362 | Deserialization of Untrusted Data vulnerability in Apache Hertzbeat Hertzbeat is an open source, real-time monitoring system. | 8.8 |
| 2024-08-20 | CVE-2024-8003 | Deserialization of Untrusted Data vulnerability in Gotribe Gotribe-Admin 1.0 A vulnerability was found in Go-Tribe gotribe-admin 1.0 and classified as problematic. | 9.8 |
| 2024-08-20 | CVE-2024-5932 | Deserialization of Untrusted Data vulnerability in Givewp The GiveWP – Donation Plugin and Fundraising Platform plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 3.14.1 via deserialization of untrusted input from the 'give_title' parameter. | 9.8 |
| 2024-08-19 | CVE-2024-43242 | Deserialization of Untrusted Data vulnerability in Wpindeed Ultimate Membership PRO Deserialization of Untrusted Data vulnerability in azzaroco Ultimate Membership Pro allows Object Injection.This issue affects Ultimate Membership Pro: from n/a through 12.6. | 10.0 |
| 2024-08-13 | CVE-2024-28986 | Deserialization of Untrusted Data vulnerability in Solarwinds web Help Desk SolarWinds Web Help Desk was found to be susceptible to a Java Deserialization Remote Code Execution vulnerability that, if exploited, would allow an attacker to run commands on the host machine. | 9.8 |