Vulnerabilities > Optiontree Project > Critical

DATE CVE VULNERABILITY TITLE RISK
2019-08-22 CVE-2019-15321 Deserialization of Untrusted Data vulnerability in Optiontree Project Optiontree
The option-tree plugin before 2.7.3 for WordPress has Object Injection because serialized classes are mishandled.
network
low complexity
optiontree-project CWE-502
critical
 9.8
9.8
2019-08-22 CVE-2019-15320 Deserialization of Untrusted Data vulnerability in Optiontree Project Optiontree
The option-tree plugin before 2.7.3 for WordPress has Object Injection because the + character is mishandled.
network
low complexity
optiontree-project CWE-502
critical
 9.8
9.8
2019-08-22 CVE-2019-15319 Deserialization of Untrusted Data vulnerability in Optiontree Project Optiontree
The option-tree plugin before 2.7.0 for WordPress has Object Injection by leveraging a valid nonce.
network
low complexity
optiontree-project CWE-502
critical
 9.8
9.8