CWE-502 (Deserialization of Untrusted Data) — Vulnerability Class, 1677 CVEs

1677 vulnerabilities classified as CWE-502 (Deserialization of Untrusted Data). AI Chinese analysis included.

| CVE ID | Title — Product | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2024-1792 | CMB2 <= 2.10.1 - Authenticated (Contributor+) PHP Object Injection — CMB2 | 7.5 | High | 2024-04-09 |
| CVE-2024-1813 | Simple Job Board <= 2.11.0 - Unauthenticated PHP Object Injection via Job Application Fields — Simple Job Board | 9.8 | Critical | 2024-04-09 |
| CVE-2024-2693 | Link Whisper Free <= 0.7.1 - Authenticated (Contributor+) PHP Object Injection — Link Whisper Free | 8.8 | High | 2024-04-09 |
| CVE-2024-31224 | GPT Academic: Pickle deserializing cookies may pose RCE risk — gpt_academic | 9.8 | Critical | 2024-04-08 |
| CVE-2024-3431 | EyouCMS Backend deserialization — EyouCMS | 4.7 | Medium | 2024-04-07 |
| CVE-2024-31277 | WordPress Product Designer plugin <= 1.0.32 - PHP Object Injection vulnerability — Product Designer | 8.7 | High | 2024-04-07 |
| CVE-2024-31308 | WordPress WP Import Export Lite & WP Import Export plugin <= 3.9.26 - PHP Object Injection vulnerability — WP Import Export Lite | 4.4 | Medium | 2024-04-07 |
| CVE-2024-31211 | Remote Code Execution in `WP_HTML_Token` — wordpress-develop | 5.5 | Medium | 2024-04-04 |
| CVE-2024-2008 | Modal Popup Box – Popup Builder, Show Offers And News in Popup <= 1.5.2 - Authenticated (Contributor+) PHP Object Injection in awl_modal_popup_box_shortcode — Modal Popup Box | 8.8 | High | 2024-04-04 |
| CVE-2023-51570 | Voltronic Power ViewPower Pro Deserialization of Untrusted Data Remote Code Execution Vulnerability — ViewPower Pro | 9.8 | - | 2024-04-01 |
| CVE-2024-31094 | WordPress Filter Custom Fields & Taxonomies Light plugin <= 1.05 - PHP Object Injection vulnerability — Filter Custom Fields & Taxonomies Light | 8.5 | High | 2024-03-31 |
| CVE-2024-3018 | Essential Addons for Elementor <= 5.9.13 - Authenticated (Author+) PHP Object Injection via error_resetpassword — Essential Addons for Elementor – Popular Elementor Templates & Widgets | 8.8 | High | 2024-03-30 |
| CVE-2024-1872 | Button <= 1.1.27 - Authenticated (Contributor+) PHP Object Injection in button_shortcode — Button | 8.8 | High | 2024-03-29 |
| CVE-2024-1858 | Lightbox slider – Responsive Lightbox Gallery <= 1.9.9 - Authenticated (Contributor+) PHP Object Injection — Lightbox slider – Responsive Lightbox Gallery | 5.4 | Medium | 2024-03-29 |
| CVE-2023-23649 | WordPress MainWP Links Manager Extension Plugin <= 2.1 - Unauthenticated PHP Object Injection Vulnerability — MainWP Links Manager Extension | 8.1 | High | 2024-03-28 |
| CVE-2024-30221 | WordPress Sunshine Photo Cart plugin <= 3.1.1 - PHP Object Injection vulnerability — Sunshine Photo Cart | 5.4 | Medium | 2024-03-28 |
| CVE-2024-30222 | WordPress ARMember plugin <= 4.0.26 - PHP Object Injection vulnerability — ARMember | 8.5 | High | 2024-03-28 |
| CVE-2024-30223 | WordPress ARMember plugin <= 4.0.26 - Unauthenticated PHP Object Injection vulnerability — ARMember | 9.0 | Critical | 2024-03-28 |
| CVE-2024-30224 | WordPress WholesaleX plugin <= 1.3.2 - Unauthenticated PHP Object Injection vulnerability — WholesaleX | 10.0 | Critical | 2024-03-28 |
| CVE-2024-30225 | WordPress WP Migrate plugin <= 2.6.10 - Unauthenticated PHP Object Injection vulnerability — WP Migrate | 10.0 | Critical | 2024-03-28 |
| CVE-2024-30226 | WordPress BetterDocs plugin <= 3.3.3 - Unauthenticated PHP Object Injection vulnerability — BetterDocs | 9.0 | Critical | 2024-03-28 |
| CVE-2024-30227 | WordPress Geo Controller plugin <= 8.6.4 - PHP Object Injection vulnerability — Geo Controller | 9.0 | Critical | 2024-03-28 |
| CVE-2024-30228 | WordPress Hercules Core plugin <= 6.4 - Auth. PHP Object Injection vulnerability — Hercules Core | 9.9 | Critical | 2024-03-28 |
| CVE-2024-30229 | WordPress Give plugin <= 3.4.2 - PHP Object Injection vulnerability — GiveWP | 8.0 | High | 2024-03-28 |
| CVE-2024-30230 | WordPress PDF Invoices and Packing Slips For WooCommerce plugin <= 1.3.7 - PHP Object Injection vulnerability — PDF Invoices and Packing Slips For WooCommerce | 8.2 | High | 2024-03-28 |
| CVE-2024-1770 | Meta Tag Manager <= 3.0.2 - Authenticated (Subscriber+) PHP Object Injection — Meta Tag Manager | 8.8 | High | 2024-03-28 |
| CVE-2024-24842 | WordPress Knowledge Base for Documentation, FAQs with AI Assistance plugin <= 11.30.2 - PHP Object Injection vulnerability — Knowledge Base for Documentation, FAQs with AI Assistance | 8.7 | High | 2024-03-27 |
| CVE-2023-27459 | WordPress User Registration plugin <= 2.3.2.1 - Authenticated PHP Object Injection vulnerability — User Registration | 7.4 | High | 2024-03-26 |
| CVE-2024-2025 | BuddyPress WooCommerce My Account Integration. Create WooCommerce Member Pages <= 3.4.20 - Authenticated (Subscriber+) PHP Object Injection in get_simple_request — BuddyPress WooCommerce My Account Integration. Create WooCommerce Member Pages | 8.8 | High | 2024-03-23 |
| CVE-2024-28861 | Gadget chain in Symfony 1 due to uncontrolled unserialized input in sfNamespacedParameterHolder — symfony1 | 9.8 | Critical | 2024-03-22 |

Vulnerabilities classified as CWE-502 (Deserialization of Untrusted Data) account for 1677 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.