CVE-2024-10936
- EPSS 12.13%
- Published 21.01.2025 09:15:06
- Last modified 05.02.2025 19:16:15
The String locator plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 2.6.6 via deserialization of untrusted input in the 'recursive_unserialize_replace' function. This makes it possible for unauthenticat...
CVE-2023-6987
- EPSS 1.41%
- Published 24.08.2024 02:15:04
- Last modified 26.09.2024 22:34:54
The String locator plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'sql-column' parameter in all versions up to, and including, 2.6.5 due to insufficient input sanitization and output escaping. This makes it possible for ...
CVE-2022-2434
- EPSS 4.23%
- Published 06.09.2022 18:15:13
- Last modified 05.05.2025 17:18:09
The String Locator plugin for WordPress is vulnerable to deserialization of untrusted input via the 'string-locator-path' parameter in versions up to, and including 2.5.0. This makes it possible for unauthenticated users to call files using a PHAR wr...