Lucene search
K

457732 matches found

CVE
CVE
added 2026/06/16 8:57 p.m.15 views

CVE-2026-39539

Summary: CVE-2026-39539 concerns unauthenticated PHP Object Injection in the WordPress plugin/theme “Alloggio - Hotel Booking” versions ≤ 2.1.2. The affected component is the Alloggio Hotel Booking theme; the underlying issue is described as a PHP Object Injection vulnerability. The CVSS base sco...

8.1CVSS5.3AI score0.00308EPSS
Exploits0References1
CVE
CVE
added 2026/06/16 8:57 p.m.13 views

CVE-2026-39529

The CVE identifies an unauthenticated PHP Object Injection in WordPress Elementra theme

9.8CVSS5.3AI score0.00375EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/16 8:57 p.m.20 views

CVE-2026-39443 WordPress EmallShop theme <= 2.4.21 - PHP Object Injection vulnerability

Unauthenticated PHP Object Injection in EmallShop = 2.4.21 versions...

8.1CVSS0.00308EPSS
Exploits0References1
CVE
CVE
added 2026/06/16 8:57 p.m.12 views

CVE-2026-39446

The CVE-2026-39446 entry describes an unauthenticated PHP Object Injection in WordPress Kapee theme versions prior to 1.7.0. The root cause is a PHP object injection flaw in the Kapee theme’s code path, enabling an attacker with network access and no user interaction to trigger impact. Impact is ...

8.1CVSS5.3AI score0.00308EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/16 8:57 p.m.22 views

CVE-2026-39446 WordPress Kapee theme < 1.7.0 - PHP Object Injection vulnerability

Unauthenticated PHP Object Injection in Kapee 1.7.0 versions...

8.1CVSS0.00308EPSS
Exploits0References1
CVE
CVE
added 2026/06/16 8:57 p.m.12 views

CVE-2026-39443

CVE-2026-39443 affects the WordPress EmallShop theme (versions &lt;= 2.4.21). It is an unauthenticated PHP object injection vulnerability. According to Patchstack metrics, impact is High for confidentiality, integrity, and availability, with CVSS 3.1: AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H and a bas...

8.1CVSS5.3AI score0.00308EPSS
Exploits0References1
CVE
CVE
added 2026/06/16 8:57 p.m.17 views

CVE-2026-39438

CVE-2026-39438 : Unauthenticated SQL Injection in the WordPress ListingPro plugin (versions

9.3CVSS5.7AI score0.00372EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/16 8:57 p.m.35 views

CVE-2026-39438 WordPress ListingPro plugin <= 2.9.10 - SQL Injection vulnerability

Unauthenticated SQL Injection in ListingPro = 2.9.10 versions...

9.3CVSS0.00372EPSS
Exploits0References1
CVE
CVE
added 2026/06/16 8:57 p.m.10 views

CVE-2026-27429

CVE-2026-27429 concerns the WordPress Nifty theme (versions

9.8CVSS5.3AI score0.00556EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/16 8:57 p.m.18 views

CVE-2026-27429 WordPress Nifty theme <= 1.4.1 - PHP Object Injection vulnerability

Unauthenticated PHP Object Injection in Nifty = 1.4.1 versions...

9.8CVSS0.00556EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/16 8:57 p.m.24 views

CVE-2026-12256 WordPress Avada theme <= 3.15.3 - PHP Object Injection vulnerability

Contributor PHP Object Injection in Avada = 3.15.3 versions...

8.8CVSS0.00482EPSS
Exploits0References1
CVE
CVE
added 2026/06/16 8:57 p.m.16 views

CVE-2026-12256

The CVE concerns WordPress sites using the Avada theme ≤ 3.15.3, where a PHP Object Injection vulnerability exists in the Contributor component. The issue is triggered remotely over the network (attack vector: NETWORK, low complexity, required privileges: LOW, no user interaction). The impact is ...

8.8CVSS5.3AI score0.00482EPSS
Exploits0References1
CVE
CVE
added 2026/06/16 8:57 p.m.13 views

CVE-2025-69122

CVE-2025-69122 affects WordPress SeaFood Company theme versions up to 1.4. It describes an unauthenticated PHP Object Injection vulnerability with a CVSS v3.1 base score of 9.8 (NETWORK, NONE/LOW ACCESS, HIGH impact on confidentiality, integrity, and availability). The connected documents confirm...

9.8CVSS5.3AI score0.00525EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/16 8:57 p.m.20 views

CVE-2025-69122 WordPress SeaFood Company theme <= 1.4 - PHP Object Injection vulnerability

Unauthenticated PHP Object Injection in SeaFood Company = 1.4 versions...

9.8CVSS0.00525EPSS
Exploits0References1
CVE
CVE
added 2026/06/16 8:56 p.m.13 views

CVE-2025-69108

CVE-2025-69108 is an unauthenticated PHP Object Injection in the WordPress theme Hot Coffee (&lt;= 1.7). The description specifies unauthenticated object injection in Hot Coffee

9.8CVSS5.3AI score0.00525EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/16 8:56 p.m.27 views

CVE-2025-69108 WordPress Hot Coffee theme <= 1.7 - PHP Object Injection vulnerability

Unauthenticated PHP Object Injection in Hot Coffee = 1.7 versions...

9.8CVSS0.00525EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/16 8:56 p.m.19 views

CVE-2026-54194 WordPress Fusion Builder plugin <= 3.15.4 - PHP Object Injection vulnerability

Contributor PHP Object Injection in Fusion Builder = 3.15.4 versions...

9.8CVSS0.00386EPSS
Exploits0References1
CVE
CVE
added 2026/06/16 8:56 p.m.14 views

CVE-2026-54194

CVE-2026-54194 concerns the WordPress Fusion Builder plugin, affected versions ≤ 3.15.4, with a PHP Object Injection vulnerability identified in the CVE record. The provided information confirms the affected component (Fusion Builder), the vulnerable version range, and the nature of the issue (PH...

9.8CVSS5.3AI score0.00386EPSS
Exploits0References1
NVD
NVD
added 2026/06/16 8:16 p.m.7 views

CVE-2026-22313

The device has a webserver that exposes a REST API authenticated with a token on the management network. By exploiting an OS command injection vulnerability an authenticated attacker can send arbitrary commands to the device that are executed with administrative permissions by the underlying...

9.1CVSS0.00921EPSS
Exploits0References1
NVD
NVD
added 2026/06/16 8:16 p.m.9 views

CVE-2026-12425

Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in PowerSchool Employee Access Center allows Cross-Site Scripting XSS. This issue affects Employee Access Center: 23.10. It is possible to add in javascript code after the login URL and have it...

7.4CVSS0.00149EPSS
Exploits0References1
Rows per page
Query Builder