0.0

CVE-2024-52407 - WordPress BasePress Migration Tools plugin <= 1.0.0 - Arbitrary File Upload vulnerability

Unrestricted Upload of File with Dangerous Type vulnerability in BasePress BasePress Migration Tools basepress-migration-tools allows Upload a Web Shell to a Web Server.This issue affects BasePress Migration Tools: from n/a through <= 1.0.0.

📅 Published: Nov. 16, 2024, 9:46 p.m. 🔄 Last Modified: April 1, 2026, 4:20 p.m.

0.0

CVE-2024-52408 - WordPress Push Notifications for WordPress by PushAssist plugin <= 3.0.8 - Arbitrary File Upload vu…

Unrestricted Upload of File with Dangerous Type vulnerability in pushassist Push Notifications for WordPress by PushAssist push-notification-for-wp-by-pushassist allows Upload a Web Shell to a Web Server.This issue affects Push Notifications for WordPress by PushAssist: from n/a through <= 3.0.8.

📅 Published: Nov. 16, 2024, 9:44 p.m. 🔄 Last Modified: April 1, 2026, 4:20 p.m.

0.0

CVE-2024-52409 - WordPress AJAX Random Posts plugin <= 0.3.3 - PHP Object Injection vulnerability

Deserialization of Untrusted Data vulnerability in Phoenixheart AJAX Random Posts ajax-random-posts allows Object Injection.This issue affects AJAX Random Posts: from n/a through <= 0.3.3.

📅 Published: Nov. 16, 2024, 9:42 p.m. 🔄 Last Modified: April 1, 2026, 4:20 p.m.

0.0

CVE-2024-52410 - WordPress Referrer Detector plugin <= 4.2.1.0 - PHP Object Injection vulnerability

Deserialization of Untrusted Data vulnerability in Phoenixheart Referrer Detector referrer-detector allows Object Injection.This issue affects Referrer Detector: from n/a through <= 4.2.1.0.

📅 Published: Nov. 16, 2024, 9:40 p.m. 🔄 Last Modified: April 1, 2026, 4:20 p.m.

0.0

CVE-2024-52411 - WordPress Advanced Personalization plugin <= 1.1.2 - PHP Object Injection vulnerability

Deserialization of Untrusted Data vulnerability in flowcraft Advanced Personalization personalization-by-flowcraft allows Object Injection.This issue affects Advanced Personalization: from n/a through <= 1.1.2.

📅 Published: Nov. 16, 2024, 9:39 p.m. 🔄 Last Modified: April 1, 2026, 4:20 p.m.

9.8

CVSS3.1

CVE-2024-52412 - WordPress Xin theme <= 1.0.8.1 - PHP Object Injection vulnerability

Deserialization of Untrusted Data vulnerability in Stephen Cui Xin allows Object Injection.This issue affects Xin: from n/a through 1.0.8.1.

📅 Published: Nov. 16, 2024, 9:36 p.m. 🔄 Last Modified: Nov. 19, 2024, 3:02 p.m.

0.0

CVE-2024-52413 - WordPress Airin Blog theme <= 1.6.1 - PHP Object Injection vulnerability

Deserialization of Untrusted Data vulnerability in dmcwebzone Airin Blog airin-blog allows Object Injection.This issue affects Airin Blog: from n/a through <= 1.6.1.

📅 Published: Nov. 16, 2024, 9:33 p.m. 🔄 Last Modified: April 1, 2026, 4:20 p.m.

0.0

CVE-2024-52414 - WordPress WDES Responsive Mobile Menu plugin <= 5.3.18 - PHP Object Injection vulnerability

Deserialization of Untrusted Data vulnerability in Anthony Carbon WDES Responsive Mobile Menu wdes-responsive-mobile-menu allows Object Injection.This issue affects WDES Responsive Mobile Menu: from n/a through <= 5.3.18.

📅 Published: Nov. 16, 2024, 9:22 p.m. 🔄 Last Modified: April 1, 2026, 4:20 p.m.

0.0

CVE-2024-52386 - WordPress Classified Listing plugin <= 3.1.16 - Local File Inclusion vulnerability

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in RadiusTheme Classified Listing classified-listing allows PHP Local File Inclusion.This issue affects Classified Listing: from n/a through <= 3.1.16.

📅 Published: Nov. 16, 2024, 9:18 p.m. 🔄 Last Modified: April 1, 2026, 4:20 p.m.

0.0

CVE-2024-52415 - WordPress SK WP Settings Backup plugin <= 1.0 - CSRF to PHP Object Injection vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in skipstorm SK WP Settings Backup sk-wp-settings-backup allows Object Injection.This issue affects SK WP Settings Backup: from n/a through <= 1.0.

📅 Published: Nov. 16, 2024, 9:15 p.m. 🔄 Last Modified: April 1, 2026, 4:20 p.m.

Vulnerability Database Index

0.0