WordPress Plugin Vulnerabilities

Virim - Unauthenticated Object Injection

Description

The Virim WordPress plugin was affected by an Unauthenticated Object Injection security vulnerability.

Affects Plugins

Plugin icon
virim
No known fix

References

CVE
CVE-2019-12240
URL
https://dumpco.re/bugs/wp-plugin-virim-id

Classification

Type
OBJECT INJECTION
OWASP top 10
A8: Insecure Deserialization
CWE
CWE-502
CVSS
9.8 (critical)

Miscellaneous

Original Researcher
Magnus K. Stubman
Submitter
Ryan Dewhurst
Submitter website
https://wpscan.io
Submitter twitter
ethicalhack3r
Verified
No
WPVDB ID
dd4da82b-0aae-4c55-9929-b70a650e480a

Timeline

Publicly Published
2019-05-07 (about 7 years ago)
Added
2019-05-27 (about 6 years ago)
Last Updated
2020-09-22 (about 5 years ago)

Other

Published
Title
Published
2025-05-22
Title
Mulitple Themes by Themeton <= (Various Versions) - Unauthenticated PHP Object Injection
Published
2024-03-15
Title
Simple Job Board < 2.11.1 - Unauthenticated PHP Object Injection via Job Application Fields
Published
2025-04-15
Title
Kata Plus < 1.5.4 - Unauthenticated PHP Object Injection
Published
2025-07-18
Title
Integration for Google Sheets and Contact Form 7, WPForms, Elementor, Ninja Forms < 1.1.2 - Unauthenticated PHP Object Injection via verify_field_val Function
Published
2025-11-18
Title
WP Import – Ultimate CSV XML Importer for WordPress < 7.34 - Authenticated (Administrator+) PHP Object Injection via CSV Import