Threat Database (2)

Threat Entry Updated 2025-02-25

CVE-2024-13789 - Ravpage Plugin

The ravpage plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 2.31 via deserialization of untrusted input from the 'paramsv2' parameter. This makes it possible for unauthenticated attackers to inject a PHP Object. No known POP chain is present in the vulnerable software, which means this vulnerability has no impact unless another plugin or theme containing a POP chain is installed on the site. If a POP chain is present via an additional plugin or theme installed on the target system, it may…

PLUGIN Ravpage

CVE-2024-13789

CRITICAL CVSS 9.8 2025-02-20

Risk Score

Open Full Technical Breakdown

Threat Entry Updated 2024-11-21

CVE-2022-29415 - Ravpage Plugin

Unauthenticated Reflected Cross-Site Scripting (XSS) vulnerability in Mati Skiba @ Rav Messer's Ravpage plugin

PLUGIN Ravpage

CVE-2022-29415

MEDIUM CVSS 6.1 2022-04-28

Risk Score

Open Full Technical Breakdown

Blog

"Prevention is cheaper than a breach"

Threat Database

CVE-2024-13789 - Ravpage Plugin

CVE-2022-29415 - Ravpage Plugin

Company Links

Contact Us