Lucene search
K

123 matches found

CVE
CVE
added yesterday13 views

CVE-2026-59518

CVE-2026-59518 affects the WordPress Directorist plugin (Directorist) versions up to 8.8.2. It is a PHP object-injection vulnerability caused by deserialization of untrusted data, with CVSS v3.1 base score 9.8 (Network, Low attack complexity, No privileges, No user interaction; Confidentiality/In...

9.8CVSS6.1AI score0.00564EPSS
Exploits0References1
Cvelist
Cvelist
added yesterday15 views

CVE-2026-57371 WordPress WPJAM Basic plugin <= 7.0 - PHP Object Injection vulnerability

Deserialization of Untrusted Data vulnerability in denishua WPJAM Basic wpjam-basic allows Object Injection.This issue affects WPJAM Basic: from n/a through = 7.0...

8.8CVSS0.00518EPSS
Exploits0References1
OSV
OSV
added 2026/06/17 6:40 p.m.6 views

DRUPAL-CONTRIB-2026-050

The Plotly.js Graphing module provides a fully customizable implementation of the open source Plotly.js graphing library. The module stores some data as PHP-serialized strings. In some situations, malicious data can be written directly to the field. This can lead to an object injection...

8.1CVSS5.5AI score0.00161EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/17 12:47 p.m.21 views

CVE-2026-40752 WordPress Manufaktur Solutions theme <= 1.1.1 - PHP Object Injection vulnerability

Unauthenticated PHP Object Injection in Manufaktur Solutions = 1.1.1 versions...

8.1CVSS0.00308EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/17 12:47 p.m.30 views

CVE-2026-39445 WordPress Alukas theme < 3.0.0 - PHP Object Injection vulnerability

Unauthenticated PHP Object Injection in Alukas 3.0.0 versions...

8.1CVSS0.00395EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/16 8:57 p.m.24 views

CVE-2026-40739 WordPress LuxeDrive theme <= 1.4 - PHP Object Injection vulnerability

Unauthenticated PHP Object Injection in LuxeDrive = 1.4 versions...

8.1CVSS0.0032EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/16 8:57 p.m.31 views

CVE-2026-39539 WordPress Alloggio - Hotel Booking theme <= 2.1.2 - PHP Object Injection vulnerability

Unauthenticated PHP Object Injection in Alloggio - Hotel Booking = 2.1.2 versions...

8.1CVSS0.00308EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/06/16 12:0 a.m.17 views

PT-2026-50081

Unauthenticated PHP Object Injection in SeaFood Company = 1.4 versions...

9.8CVSS5.4AI score0.00525EPSS
Exploits0References2
CVE
CVE
added 2026/06/15 8:18 p.m.18 views

CVE-2026-42687

The CVE-2026-42687 entry concerns the WordPress EventPrime plugin (versions ≤ 4.3.2.1). It describes an unauthenticated PHP Object Injection vulnerability in EventPrime, with a CVSS v3.1 base score of 8.1 (HIGH) and a network attack vector, no user interaction, and high impact on confidentiality,...

8.1CVSS5.3AI score0.00317EPSS
Exploits0References1
CVE
CVE
added 2026/06/15 8:17 p.m.15 views

CVE-2026-39474

The CVE CVE-2026-39474 concerns the WordPress Post Duplicator plugin (versions

8.8CVSS5.3AI score0.00428EPSS
Exploits0References1
CVE
CVE
added 2026/06/15 8:17 p.m.25 views

CVE-2026-39478

CVE-2026-39478 concerns the WordPress plugin “Anti-Malware Security and Brute-Force Firewall” (versions

8.8CVSS5.3AI score0.00428EPSS
Exploits0References1
CVE
CVE
added 2026/06/15 8:17 p.m.16 views

CVE-2026-39471

CVE-2026-39471 affects the WordPress ShortPixel Image Optimizer plugin (

7.2CVSS5.3AI score0.00446EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/06/15 12:0 a.m.10 views

PT-2026-49509

Unauthenticated PHP Object Injection in Integration for Salesforce and Contact Form 7, WPForms, Elementor, Formidable, Ninja Forms = 1.4.3 versions...

9.8CVSS5.3AI score0.00383EPSS
Exploits0References2
Patchstack
Patchstack
added 2026/06/04 9:58 a.m.11 views

WordPress OttoKit plugin <= 1.1.27 - PHP Object Injection vulnerability

PHP Object Injection vulnerability discovered by daroo in WordPress Plugin OttoKit versions = 1.1.27...

9.8CVSS5.5AI score0.00383EPSS
Exploits0Affected Software1
Patchstack
Patchstack
added 2026/04/16 3:45 p.m.8 views

WordPress LuxeDrive theme <= 1.4 - PHP Object Injection vulnerability

PHP Object Injection vulnerability discovered by Denver Jackson in WordPress Theme LuxeDrive versions = 1.4...

5.8AI score0.0032EPSS
Exploits0Affected Software1
Patchstack
Patchstack
added 2026/04/16 3:44 p.m.8 views

WordPress Laurits theme <= 1.5.1 - PHP Object Injection vulnerability

PHP Object Injection vulnerability discovered by Denver Jackson in WordPress Theme Laurits versions = 1.5.1...

5.8AI score0.0025EPSS
Exploits0Affected Software1
Patchstack
Patchstack
added 2026/03/05 11:41 a.m.10 views

WordPress m2 | Construction and Tools Store theme <= 1.1.2 - PHP Object Injection vulnerability

PHP Object Injection vulnerability discovered by Tran Nguyen Bao Khanh VCI - VNPT Cyber Immunity in WordPress Theme m2 | Construction and Tools Store versions = 1.1.2...

5.8AI score0.0051EPSS
Exploits0Affected Software1
Patchstack
Patchstack
added 2026/03/03 11:20 a.m.5 views

WordPress Grand Wedding theme <= 3.1.0 - PHP Object Injection vulnerability

PHP Object Injection vulnerability discovered by Tran Nguyen Bao Khanh VCI - VNPT Cyber Immunity in WordPress Theme Grand Wedding versions = 3.1.0...

8.1CVSS6AI score0.0051EPSS
Exploits0Affected Software1
Patchstack
Patchstack
added 2026/02/23 10:20 a.m.7 views

WordPress Tennis Club theme <= 1.2.3 - PHP Object Injection vulnerability

PHP Object Injection vulnerability discovered by Tran Nguyen Bao Khanh VCI - VNPT Cyber Immunity in WordPress Theme Tennis Club versions = 1.2.3...

9.8CVSS5.5AI score0.00375EPSS
Exploits0Affected Software1
Patchstack
Patchstack
added 2026/01/27 11:29 a.m.6 views

WordPress PhotoMe theme <= 5.6.11 - PHP Object Injection vulnerability

PHP Object Injection vulnerability discovered by João Pedro S Alcântara Kinorth in WordPress Theme PhotoMe versions = 5.6.11...

9.8CVSS5.9AI score0.00375EPSS
Exploits0Affected Software1
Rows per page
Query Builder