WordPress Plugin Vulnerabilities

Rencontre – Dating Site < 3.11.2 - Subscriber+ PHP Object Injection

Description

The plugin unserializes user input, which could allow any authenticated users, such as subscribers to perform PHP Object Injection when a suitable gadget is present on the blog

Affects Plugins

Plugin icon
rencontre
Fixed in 3.11.2

References

CVE
CVE-2023-51470
URL
https://patchstack.com/database/vulnerability/rencontre/wordpress-rencontre-plugin-3-11-1-authenticated-php-object-injection-vulnerability

Classification

Type
OBJECT INJECTION
OWASP top 10
A8: Insecure Deserialization
CWE
CWE-502
CVSS
7.5 (high)

Miscellaneous

Original Researcher
Rafie Muhammad
Verified
No
WPVDB ID
8ec9c413-c2e4-415a-a8e0-3845ccff973e

Timeline

Publicly Published
2023-12-27 (about 2 years ago)
Added
2024-01-05 (about 2 years ago)
Last Updated
2024-01-09 (about 2 years ago)

Other

Published
Title
Published
2025-09-07
Title
Scape <= 1.5.13 - Unauthenticated PHP Object Injection
Published
2023-12-29
Title
ARI Stream Quiz < 1.3.1 - Authenticated (Contributor+) PHP Object Injection
Published
2025-08-19
Title
ThemeMakers Visual Content Composer <= 1.5.8 - Unauthenticated PHP Object Injection
Published
2025-08-20
Title
WP Funnel Manager < 1.4.1 - Unauthenticated PHP Object Injection
Published
2026-03-17
Title
Travel Booking WordPress Theme < 3.2.8.1 - Unauthenticated PHP Object Injection