Trình Vũ

**Name of the Vulnerable Software and Affected Versions** CodeSolz Better Find and Replace versions 1.6.1 and earlier **Description** The issue is related to the deserialization of untrusted data, which can lead to potential security risks. No information is provided about the estimated number of potentially affected devices worldwide or real-world incidents where this issue was exploited. **Recommendations** For CodeSolz Better Find and Replace versions 1.6.1 and earlier, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** WP MEDIA SAS Search & Replace versions n/a through 3.2.2 **Description** The issue is related to Deserialization of Untrusted Data, which affects the Search & Replace plugin. **Recommendations** For versions n/a through 3.2.2, update to a version later than 3.2.2 to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** WebToffee Order Export & Order Import for WooCommerce versions n/a through 2.4.9 **Description** The issue is related to Deserialization of Untrusted Data, which affects the WebToffee Order Export & Order Import for WooCommerce plugin. This could potentially allow an attacker to exploit the vulnerability by manipulating the deserialization process. No information is provided about the estimated number of potentially affected devices worldwide or real-world incidents where this issue was exploited. **Recommendations** For versions n/a through 2.4.9, update to a version later than 2.4.9 to resolve the issue. As a temporary workaround, consider restricting access to the plugin until a patch is available.

**Name of the Vulnerable Software and Affected Versions** WebToffee Import Export WordPress Users versions 2.5.3 and earlier **Description** The issue is related to the deserialization of untrusted data. This can potentially lead to security issues when untrusted data is processed by the WebToffee Import Export WordPress Users plugin. **Recommendations** For versions 2.5.3 and earlier, update to a version that contains a fix for this issue, if available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Import and export users and customers versions 1.26.2 and earlier **Description** The issue is related to the deserialization of untrusted data in Import and export users and customers. This can potentially lead to security risks. **Recommendations** For versions 1.26.2 and earlier, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** WP All Import Import Users from CSV versions 1.2 and earlier **Description** The issue is related to Deserialization of Untrusted Data, which affects the Import Users from CSV functionality. **Recommendations** For versions 1.2 and earlier, update to a version that contains a fix for this issue, as no specific workaround is provided for these versions. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Timber versions 1.23.0 and earlier **Description** The issue is related to Deserialization of Untrusted Data, which can lead to remote code execution, especially when used with frameworks or developer code that have vulnerable POP chains. This is due to a lack of checking the input before passing it into the `file exists()` function, allowing an attacker to upload files of any type to the server and pass in the `phar://` protocol to unserialize the uploaded file and instantiate arbitrary PHP objects. **Recommendations** For Timber versions 1.23.0 and earlier, filter the `phar://` protocol to prevent exploitation. As a temporary workaround, consider restricting access to the `toJpg.php` file and the `run` function within it until a patch is available. Avoid using the `phar://` protocol in the affected API endpoints until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** WP Import Export Lite versions 3.9.26 and earlier **Description** The issue is related to the deserialization of untrusted data. This can potentially lead to security risks. **Recommendations** For WP Import Export Lite versions 3.9.26 and earlier, at the moment, there is no information about a newer version that contains a fix for this vulnerability.