WordPress Plugin Vulnerabilities

Splashing Images <= 2.1 - Authenticated PHP Object Injection

Description

The Splashing Images WordPress plugin was affected by an Authenticated PHP Object Injection security vulnerability.

Affects Plugins

Plugin icon
wp-splashing-images
Fixed in 2.1.1

References

CVE
CVE-2018-6195
URL
https://packetstormsecurity.com/files/#146109/
URL
https://plugins.trac.wordpress.org/changeset/1807349/wp-splashing-images

Classification

Type
OBJECT INJECTION
OWASP top 10
A8: Insecure Deserialization
CWE
CWE-502
CVSS
7.2 (high)

Miscellaneous

Submitter
ethicalhack3r
Submitter twitter
ethicalhack3r
Verified
No
WPVDB ID
13a9d0c7-4fde-4cda-a617-51495560126a

Timeline

Publicly Published
2018-01-26 (about 8 years ago)
Added
2018-01-29 (about 8 years ago)
Last Updated
2020-09-22 (about 5 years ago)

Other

Published
Title
Published
2019-09-19
Title
WP Google Map Plugin < 4.1.0 - CSRF to Unauthenticated PHP Object Injection
Published
2021-06-08
Title
JoomSport < 5.1.8 - Unauthenticated PHP Object Injection
Published
2023-09-13
Title
Essential Blocks <= 4.2.0 - Unauthenticated PHP Object Injection via products
Published
2024-02-02
Title
Knowledge Base for Documentation, FAQs with AI Assistance < 11.31.0 - Unauthenticated PHP Object Injection in is_article_recently_viewed
Published
2023-12-05
Title
Soledad < 8.4.2 - Unauthenticated PHP Object Injection