457732 matches found
CVE-2026-39539
Summary: CVE-2026-39539 concerns unauthenticated PHP Object Injection in the WordPress plugin/theme “Alloggio - Hotel Booking” versions ≤ 2.1.2. The affected component is the Alloggio Hotel Booking theme; the underlying issue is described as a PHP Object Injection vulnerability. The CVSS base sco...
CVE-2026-39529
The CVE identifies an unauthenticated PHP Object Injection in WordPress Elementra theme
CVE-2026-39443 WordPress EmallShop theme <= 2.4.21 - PHP Object Injection vulnerability
Unauthenticated PHP Object Injection in EmallShop = 2.4.21 versions...
CVE-2026-39446
The CVE-2026-39446 entry describes an unauthenticated PHP Object Injection in WordPress Kapee theme versions prior to 1.7.0. The root cause is a PHP object injection flaw in the Kapee theme’s code path, enabling an attacker with network access and no user interaction to trigger impact. Impact is ...
CVE-2026-39446 WordPress Kapee theme < 1.7.0 - PHP Object Injection vulnerability
Unauthenticated PHP Object Injection in Kapee 1.7.0 versions...
CVE-2026-39443
CVE-2026-39443 affects the WordPress EmallShop theme (versions <= 2.4.21). It is an unauthenticated PHP object injection vulnerability. According to Patchstack metrics, impact is High for confidentiality, integrity, and availability, with CVSS 3.1: AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H and a bas...
CVE-2026-39438
CVE-2026-39438 : Unauthenticated SQL Injection in the WordPress ListingPro plugin (versions
CVE-2026-39438 WordPress ListingPro plugin <= 2.9.10 - SQL Injection vulnerability
Unauthenticated SQL Injection in ListingPro = 2.9.10 versions...
CVE-2026-27429
CVE-2026-27429 concerns the WordPress Nifty theme (versions
CVE-2026-27429 WordPress Nifty theme <= 1.4.1 - PHP Object Injection vulnerability
Unauthenticated PHP Object Injection in Nifty = 1.4.1 versions...
CVE-2026-12256 WordPress Avada theme <= 3.15.3 - PHP Object Injection vulnerability
Contributor PHP Object Injection in Avada = 3.15.3 versions...
CVE-2026-12256
The CVE concerns WordPress sites using the Avada theme ≤ 3.15.3, where a PHP Object Injection vulnerability exists in the Contributor component. The issue is triggered remotely over the network (attack vector: NETWORK, low complexity, required privileges: LOW, no user interaction). The impact is ...
CVE-2025-69122
CVE-2025-69122 affects WordPress SeaFood Company theme versions up to 1.4. It describes an unauthenticated PHP Object Injection vulnerability with a CVSS v3.1 base score of 9.8 (NETWORK, NONE/LOW ACCESS, HIGH impact on confidentiality, integrity, and availability). The connected documents confirm...
CVE-2025-69122 WordPress SeaFood Company theme <= 1.4 - PHP Object Injection vulnerability
Unauthenticated PHP Object Injection in SeaFood Company = 1.4 versions...
CVE-2025-69108
CVE-2025-69108 is an unauthenticated PHP Object Injection in the WordPress theme Hot Coffee (<= 1.7). The description specifies unauthenticated object injection in Hot Coffee
CVE-2025-69108 WordPress Hot Coffee theme <= 1.7 - PHP Object Injection vulnerability
Unauthenticated PHP Object Injection in Hot Coffee = 1.7 versions...
CVE-2026-54194 WordPress Fusion Builder plugin <= 3.15.4 - PHP Object Injection vulnerability
Contributor PHP Object Injection in Fusion Builder = 3.15.4 versions...
CVE-2026-54194
CVE-2026-54194 concerns the WordPress Fusion Builder plugin, affected versions ≤ 3.15.4, with a PHP Object Injection vulnerability identified in the CVE record. The provided information confirms the affected component (Fusion Builder), the vulnerable version range, and the nature of the issue (PH...
CVE-2026-22313
The device has a webserver that exposes a REST API authenticated with a token on the management network. By exploiting an OS command injection vulnerability an authenticated attacker can send arbitrary commands to the device that are executed with administrative permissions by the underlying...
CVE-2026-12425
Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in PowerSchool Employee Access Center allows Cross-Site Scripting XSS. This issue affects Employee Access Center: 23.10. It is possible to add in javascript code after the login URL and have it...