VYPR

News Flash

by WordPress

CVEs (1)

  • CVE-2024-7560HigAug 8, 2024
    risk 0.47cvss 7.2epss 0.01

    The News Flash theme for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.1.0 via deserialization of untrusted input from the newsflash_post_meta meta value. This makes it possible for authenticated attackers, with Editor-level access and…