CWE-502
Deserialization of Untrusted Data
Description
The product deserializes untrusted data without sufficiently ensuring that the resulting data will be valid.
Hierarchy (View 1000)
Parents
Children
none
Related attack patterns (CAPEC)
CAPEC-586
CVEs mapped to this weakness (1,721)
page 16 of 87| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2024-49318 | Cri | 0.64 | 9.8 | 0.01 | Oct 17, 2024 | Deserialization of Untrusted Data vulnerability in Scott My Reading Library my-reading-library allows Object Injection.This issue affects My Reading Library: from n/a through <= 1.0. | ||
| CVE-2024-49227 | Cri | 0.64 | 9.8 | 0.01 | Oct 16, 2024 | Deserialization of Untrusted Data vulnerability in foter Free Stock Photos Foter free-stock-photos-foter allows Object Injection.This issue affects Free Stock Photos Foter: from n/a through <= 1.5.4. | ||
| CVE-2024-49218 | Cri | 0.64 | 9.8 | 0.01 | Oct 16, 2024 | Deserialization of Untrusted Data vulnerability in Al Imran Akash Recently recently-viewed-most-viewed-and-sold-products-for-woocommerce allows Object Injection.This issue affects Recently: from n/a through <= 1.1. | ||
| CVE-2024-48030 | Cri | 0.64 | 9.8 | 0.01 | Oct 16, 2024 | Deserialization of Untrusted Data vulnerability in Webextends Telecash Ricaricaweb telecash-ricaricaweb allows Object Injection.This issue affects Telecash Ricaricaweb: from n/a through <= 2.2. | ||
| CVE-2024-48028 | Cri | 0.64 | 9.8 | 0.01 | Oct 16, 2024 | Deserialization of Untrusted Data vulnerability in Boyan Raichev IP Loc8 ip-loc8 allows Object Injection.This issue affects IP Loc8: from n/a through <= 1.1. | ||
| CVE-2024-48026 | Cri | 0.64 | 9.8 | 0.01 | Oct 16, 2024 | Deserialization of Untrusted Data vulnerability in GMRobbins Disc Golf Manager disc-golf-manager allows Object Injection.This issue affects Disc Golf Manager: from n/a through <= 1.0.0. | ||
| CVE-2024-48033 | Cri | 0.64 | 9.8 | 0.01 | Oct 11, 2024 | Deserialization of Untrusted Data vulnerability in baptiste.gourdin Talkback talkback-secure-linkback-protocol allows Object Injection.This issue affects Talkback: from n/a through <= 1.0. | ||
| CVE-2024-47636 | Cri | 0.64 | 9.8 | 0.01 | Oct 10, 2024 | Deserialization of Untrusted Data vulnerability in eyecix JobSearch wp-jobsearch allows Object Injection.This issue affects JobSearch: from n/a through <= 2.5.9. | ||
| CVE-2024-35515 | Cri | 0.64 | 9.8 | 0.01 | Sep 18, 2024 | Insecure deserialization in sqlitedict up to v2.1.0 allows attackers to execute arbitrary code. | ||
| CVE-2024-43354 | Cri | 0.64 | 9.8 | 0.01 | Aug 19, 2024 | Deserialization of Untrusted Data vulnerability in Saad Iqbal myCred mycred.This issue affects myCred: from n/a through <= 2.7.2. | ||
| CVE-2024-43141 | Cri | 0.64 | 9.8 | 0.01 | Aug 13, 2024 | Deserialization of Untrusted Data vulnerability in Roland Barker, xnau webdesign Participants Database allows Object Injection.This issue affects Participants Database: from n/a through 2.5.9.2. | ||
| CVE-2024-5871 | Cri | 0.64 | 9.8 | 0.01 | Jun 15, 2024 | The WooCommerce - Social Login plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 2.6.2 via deserialization of untrusted input from the 'woo_slg_verify' vulnerable parameter. This makes it possible for unauthenticated attackers to… | ||
| CVE-2024-5671 | Cri | 0.64 | 9.8 | 0.01 | Jun 14, 2024 | Insecure Deserialization in some workflows of the IPS Manager allows unauthenticated remote attackers to perform arbitrary code execution and access to the vulnerable Trellix IPS Manager. | ||
| CVE-2024-4413 | Cri | 0.64 | 9.8 | 0.01 | May 14, 2024 | The Hotel Booking Lite plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 4.11.1 via deserialization of untrusted input. This makes it possible for unauthenticated attackers to inject a PHP Object. No known POP chain is present in… | ||
| CVE-2024-3070 | Cri | 0.64 | 9.8 | 0.01 | May 14, 2024 | The Last Viewed Posts by WPBeginner plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.0.0 via deserialization of untrusted input from the LastViewedPosts Cookie. This makes it possible for unauthenticated attackers to inject a PHP… | ||
| CVE-2024-1813 | Cri | 0.64 | 9.8 | 0.01 | Apr 9, 2024 | The Simple Job Board plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 2.11.0 via deserialization of untrusted input in the job_board_applicant_list_columns_value function. This makes it possible for unauthenticated attackers to… | ||
| CVE-2024-30228 | Cri | 0.64 | 9.9 | 0.01 | Mar 28, 2024 | Deserialization of Untrusted Data vulnerability in Hercules Design Hercules Core.This issue affects Hercules Core : from n/a through 6.4. | ||
| CVE-2024-24797 | Cri | 0.64 | 9.8 | 0.01 | Feb 12, 2024 | Deserialization of Untrusted Data vulnerability in G5Theme ERE Recently Viewed – Essential Real Estate Add-On.This issue affects ERE Recently Viewed – Essential Real Estate Add-On: from n/a through 1.3. | ||
| CVE-2023-52219 | Cri | 0.64 | 9.9 | 0.01 | Jan 8, 2024 | Deserialization of Untrusted Data vulnerability in Gecka Gecka Terms Thumbnails.This issue affects Gecka Terms Thumbnails: from n/a through 1.1. | ||
| CVE-2023-52182 | Cri | 0.64 | 9.9 | 0.01 | Dec 31, 2023 | Deserialization of Untrusted Data vulnerability in ARI Soft ARI Stream Quiz – WordPress Quizzes Builder.This issue affects ARI Stream Quiz – WordPress Quizzes Builder: from n/a through 1.3.0. |
- risk 0.64cvss 9.8epss 0.01
Deserialization of Untrusted Data vulnerability in Scott My Reading Library my-reading-library allows Object Injection.This issue affects My Reading Library: from n/a through <= 1.0.
- risk 0.64cvss 9.8epss 0.01
Deserialization of Untrusted Data vulnerability in foter Free Stock Photos Foter free-stock-photos-foter allows Object Injection.This issue affects Free Stock Photos Foter: from n/a through <= 1.5.4.
- risk 0.64cvss 9.8epss 0.01
Deserialization of Untrusted Data vulnerability in Al Imran Akash Recently recently-viewed-most-viewed-and-sold-products-for-woocommerce allows Object Injection.This issue affects Recently: from n/a through <= 1.1.
- risk 0.64cvss 9.8epss 0.01
Deserialization of Untrusted Data vulnerability in Webextends Telecash Ricaricaweb telecash-ricaricaweb allows Object Injection.This issue affects Telecash Ricaricaweb: from n/a through <= 2.2.
- risk 0.64cvss 9.8epss 0.01
Deserialization of Untrusted Data vulnerability in Boyan Raichev IP Loc8 ip-loc8 allows Object Injection.This issue affects IP Loc8: from n/a through <= 1.1.
- risk 0.64cvss 9.8epss 0.01
Deserialization of Untrusted Data vulnerability in GMRobbins Disc Golf Manager disc-golf-manager allows Object Injection.This issue affects Disc Golf Manager: from n/a through <= 1.0.0.
- risk 0.64cvss 9.8epss 0.01
Deserialization of Untrusted Data vulnerability in baptiste.gourdin Talkback talkback-secure-linkback-protocol allows Object Injection.This issue affects Talkback: from n/a through <= 1.0.
- risk 0.64cvss 9.8epss 0.01
Deserialization of Untrusted Data vulnerability in eyecix JobSearch wp-jobsearch allows Object Injection.This issue affects JobSearch: from n/a through <= 2.5.9.
- risk 0.64cvss 9.8epss 0.01
Insecure deserialization in sqlitedict up to v2.1.0 allows attackers to execute arbitrary code.
- risk 0.64cvss 9.8epss 0.01
Deserialization of Untrusted Data vulnerability in Saad Iqbal myCred mycred.This issue affects myCred: from n/a through <= 2.7.2.
- risk 0.64cvss 9.8epss 0.01
Deserialization of Untrusted Data vulnerability in Roland Barker, xnau webdesign Participants Database allows Object Injection.This issue affects Participants Database: from n/a through 2.5.9.2.
- risk 0.64cvss 9.8epss 0.01
The WooCommerce - Social Login plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 2.6.2 via deserialization of untrusted input from the 'woo_slg_verify' vulnerable parameter. This makes it possible for unauthenticated attackers to…
- risk 0.64cvss 9.8epss 0.01
Insecure Deserialization in some workflows of the IPS Manager allows unauthenticated remote attackers to perform arbitrary code execution and access to the vulnerable Trellix IPS Manager.
- risk 0.64cvss 9.8epss 0.01
The Hotel Booking Lite plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 4.11.1 via deserialization of untrusted input. This makes it possible for unauthenticated attackers to inject a PHP Object. No known POP chain is present in…
- risk 0.64cvss 9.8epss 0.01
The Last Viewed Posts by WPBeginner plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.0.0 via deserialization of untrusted input from the LastViewedPosts Cookie. This makes it possible for unauthenticated attackers to inject a PHP…
- risk 0.64cvss 9.8epss 0.01
The Simple Job Board plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 2.11.0 via deserialization of untrusted input in the job_board_applicant_list_columns_value function. This makes it possible for unauthenticated attackers to…
- risk 0.64cvss 9.9epss 0.01
Deserialization of Untrusted Data vulnerability in Hercules Design Hercules Core.This issue affects Hercules Core : from n/a through 6.4.
- risk 0.64cvss 9.8epss 0.01
Deserialization of Untrusted Data vulnerability in G5Theme ERE Recently Viewed – Essential Real Estate Add-On.This issue affects ERE Recently Viewed – Essential Real Estate Add-On: from n/a through 1.3.
- risk 0.64cvss 9.9epss 0.01
Deserialization of Untrusted Data vulnerability in Gecka Gecka Terms Thumbnails.This issue affects Gecka Terms Thumbnails: from n/a through 1.1.
- risk 0.64cvss 9.9epss 0.01
Deserialization of Untrusted Data vulnerability in ARI Soft ARI Stream Quiz – WordPress Quizzes Builder.This issue affects ARI Stream Quiz – WordPress Quizzes Builder: from n/a through 1.3.0.