VYPR

Devvn Image Hotspot

by WordPress

CVEs (1)

  • CVE-2024-7656HigAug 24, 2024
    risk 0.50cvss 8.8epss 0.01

    The Image Hotspot by DevVN plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.2.5 via deserialization of untrusted input in the 'devvn_ihotspot_shortcode_func' function. This makes it possible for authenticated attackers, with…