Skip to main content

Optiontree

3 CVEs product

Monthly

CVE-2019-15321 CRITICAL Act Now

The option-tree plugin before 2.7.3 for WordPress has Object Injection because serialized classes are mishandled. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress Deserialization Optiontree
NVD
CVSS 3.0
9.8
EPSS
2.1%
CVE-2019-15320 CRITICAL Act Now

The option-tree plugin before 2.7.3 for WordPress has Object Injection because the + character is mishandled. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress Deserialization Optiontree
NVD
CVSS 3.0
9.8
EPSS
2.1%
CVE-2019-15319 CRITICAL Act Now

The option-tree plugin before 2.7.0 for WordPress has Object Injection by leveraging a valid nonce. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress Deserialization Optiontree
NVD
CVSS 3.0
9.8
EPSS
2.1%
EPSS 2% CVSS 9.8
CRITICAL Act Now

The option-tree plugin before 2.7.3 for WordPress has Object Injection because serialized classes are mishandled. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress Deserialization Optiontree
NVD
EPSS 2% CVSS 9.8
CRITICAL Act Now

The option-tree plugin before 2.7.3 for WordPress has Object Injection because the + character is mishandled. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress Deserialization Optiontree
NVD
EPSS 2% CVSS 9.8
CRITICAL Act Now

The option-tree plugin before 2.7.0 for WordPress has Object Injection by leveraging a valid nonce. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress Deserialization Optiontree
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy