cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,exploited_date,poc,trended,trended_no_1,trended_no_1_date,published,trended_score
CVE-2024-4838,https://securityvulnerability.io/vulnerability/CVE-2024-4838,ConvertPlus Plugin Vulnerable to PHP Object Injection,"The ConvertPlus plugin for WordPress is susceptible to a PHP Object Injection vulnerability due to the insecure deserialization of untrusted input from the 'settings_encoded' attribute within the 'smile_modal' shortcode. This flaw affects all versions up to and including 3.5.26 and can be exploited by authenticated attackers, possessing contributor-level access or higher. Exploitation could potentially lead to the injection of a PHP Object. While the vulnerable plugin does not inherently include a PHP Object Pollution (POP) chain, the presence of such a chain via other plugins or themes on the target site could enable an attacker to perform high-impact actions such as deleting arbitrary files, extracting sensitive data, or executing malicious code.",Wordpress,Convertplus,8.8,HIGH,0.0004299999854993075,false,,false,false,false,,,false,false,,2024-05-16T11:05:27.037Z,0
CVE-2019-15863,https://securityvulnerability.io/vulnerability/CVE-2019-15863,Unintended Account Creation in ConvertPlus Plugin for WordPress,"The ConvertPlus plugin for WordPress prior to version 3.4.5 is susceptible to a vulnerability that allows unauthorized account creation without the appropriate role designation. This could lead to the exposure of sensitive site functionalities, as it enables attackers to gain access to user accounts without proper permissions by exploiting a variant request. Users are strongly encouraged to update to the latest version to mitigate risks associated with this issue.",Wordpress,Convertplus,7.5,HIGH,0.0008399999933317304,false,,false,false,false,,,false,false,,2019-09-03T11:41:51.000Z,0