EUVD-2025-6410

Malicious code in bioql PyPI...

WordPress CiyaShop theme <= 4.18.0 - PHP Object Injection vulnerability

PHP Object Injection vulnerability discovered by Bonds Patchstack Alliance in WordPress Theme CiyaShop versions = 4.18.0...

WordPress CiyaShop Theme <= 4.18.0 is vulnerable to PHP Object Injection

Software CiyaShop Type Theme Vulnerable versions = 4.18.0 Fixed in N/A OWASP Top 10 A3: Injection Classification PHP Object Injection CVE CVE-2025-39349 Patch priority High CVSS severity High 9.8 Developer Claim ownership PSID 68a2f2e9e8f8 Credits Bonds Required privilege Unauthenticated Publishe...

CVE-2024-13824

The CiyaShop - Multipurpose WooCommerce Theme theme for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 4.19.0 via deserialization of untrusted input in the 'addciyashopwishlist' and 'ciyashopgetcompare' functions. This makes it possible for unauthenticated...

CVE-2024-13824

The CiyaShop - Multipurpose WooCommerce Theme theme for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 4.19.0 via deserialization of untrusted input in the 'addciyashopwishlist' and 'ciyashopgetcompare' functions. This makes it possible for unauthenticated...

CVE-2024-13824

The CiyaShop - Multipurpose WooCommerce Theme theme for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 4.19.0 via deserialization of untrusted input in the 'addciyashopwishlist' and 'ciyashopgetcompare' functions. This makes it possible for unauthenticated...

CVE-2024-13824

CVE-2024-13824 affects the CiyaShop theme for WordPress. It is an unauthenticated PHP Object Injection vulnerability in all versions up to and including 4.19.0, caused by deserialization of untrusted input in the add_ciyashop_wishlist and ciyashop_get_compare functions. Impact requires a POP chai...