WordPress Plugin Vulnerabilities

blogVault 1.40-1.44 - Unauthenticated PHP Object Injection

Description

The Backup & Staging – BlogVault Backups WordPress plugin was affected by an Unauthenticated PHP Object Injection security vulnerability.

Affects Plugins

Plugin icon
blogvault-real-time-backup
Fixed in 1.45

References

URL
https://blogvault.net/blogvault-security-update/
URL
https://plugins.trac.wordpress.org/changeset/1589057/blogvault-real-time-backup

Classification

Type
OBJECT INJECTION
OWASP top 10
A8: Insecure Deserialization
CWE
CWE-502

Miscellaneous

Submitter
Nitant
Verified
No
WPVDB ID
b2697cf6-9916-4738-a176-56a05214e6ef

Timeline

Publicly Published
2017-04-06 (about 9 years ago)
Added
2017-04-06 (about 9 years ago)
Last Updated
2019-11-01 (about 6 years ago)

Other

Published
Title
Published
2024-10-18
Title
SiteBuilder Dynamic Components <= 1.0 - Unauthenticated PHP Object Injection
Published
2017-01-25
Title
Google Forms 0.84-0.87 - Unauthenticated PHP Object Injection
Published
2025-06-23
Title
Nuss <= 1.3.3 - Authenticated (Subscriber+) PHP Object Injection
Published
2017-04-27
Title
SiteBuilder Dynamic Components <= 1.0 - Unauthenticated PHP Object Injection
Published
2024-05-07
Title
Advanced Ads – Ad Manager & AdSense < 1.52.2 - Authenticated (Admin+) PHP Object Injection