String Locator

1 CVEs product

Monthly

Sort: Newest CVSS Score EPSS Score Oldest

CVE-2024-10936 HIGH PATCH This Month

The String locator plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 2.6.6 via deserialization of untrusted input in the 'recursive_unserialize_replace'. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Epss exploitation probability 16.5%.

Deserialization WordPress Information Disclosure PHP String Locator

NVD

CVSS 3.1

8.8

EPSS

16.5%

CVE-2024-10936

EPSS 16% CVSS 8.8

HIGH PATCH This Month

The String locator plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 2.6.6 via deserialization of untrusted input in the 'recursive_unserialize_replace'. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Epss exploitation probability 16.5%.

Deserialization WordPress Information Disclosure +2

NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy