120 matches found
CVE-2025-47581
Deserialization of Untrusted Data vulnerability in elbisnero WordPress Events Calendar Registration & Tickets wpeventplus allows Object Injection.This issue affects WordPress Events Calendar Registration & Tickets: from n/a through = 2.6.0...
WordPress Crafts & Arts theme <= 2.5 - PHP Object Injection Vulnerability
PHP Object Injection Vulnerability discovered by Tran Nguyen Bao Khanh VCI - VNPT Cyber Immunity in WordPress Theme Crafts & Arts versions = 2.5...
WordPress GrandTour theme <= 5.6 - PHP Object Injection vulnerability
PHP Object Injection vulnerability discovered by Bonds in WordPress Theme Grand Tour versions = 5.6...
CVE-2025-32928
Deserialization of Untrusted Data vulnerability in ThemeGoods Altair altair allows Object Injection.This issue affects Altair: from n/a through = 5.2.2...
CVE-2025-32928 WordPress Altair theme <= 5.2.2 - PHP Object Injection vulnerability
Deserialization of Untrusted Data vulnerability in ThemeGoods Altair allows Object Injection.This issue affects Altair: from n/a through 5.2.2...
CVE-2025-39348 WordPress Grand Restaurant WordPress theme <= 7.0 - PHP Object Injection vulnerability
Deserialization of Untrusted Data vulnerability in ThemeGoods Grand Restaurant grandrestaurant allows Object Injection.This issue affects Grand Restaurant: from n/a through = 7.0...
CVE-2025-39349 WordPress CiyaShop theme <= 4.18.0 - PHP Object Injection vulnerability
Deserialization of Untrusted Data vulnerability in Potenzaglobalsolutions CiyaShop allows Object Injection.This issue affects CiyaShop: from n/a through 4.18.0...
CVE-2025-39410 WordPress Smart Sections Theme Builder - WPBakery Page Builder Addon plugin <= 1.7.8 - PHP Object Injection vulnerability
Deserialization of Untrusted Data vulnerability in themegusta Smart Sections Theme Builder - WPBakery Page Builder Addon.This issue affects Smart Sections Theme Builder - WPBakery Page Builder Addon: from n/a through 1.7.8...
CVE-2025-47581 WordPress WordPress Events Calendar Registration & Tickets plugin <= 2.6.0 - PHP Object Injection vulnerability
Deserialization of Untrusted Data vulnerability in elbisnero WordPress Events Calendar Registration & Tickets wpeventplus allows Object Injection.This issue affects WordPress Events Calendar Registration & Tickets: from n/a through = 2.6.0...
WordPress Jarvis – Night Club, Concert, Festival WordPress theme <= 1.8.11 - PHP Object Injection Vulnerability
PHP Object Injection Vulnerability discovered by Tran Nguyen Bao Khanh VCI - VNPT Cyber Immunity in WordPress Theme Jarvis – Night Club, Concert, Festival WordPress versions = 1.8.11...
WordPress WP-CRM System plugin <= 3.4.5 - PHP Object Injection vulnerability
PHP Object Injection vulnerability discovered by Ngo Bui Truong Vu in WordPress Plugin WP-CRM System versions = 3.4.5...
CVE-2025-46481 WordPress Flickr Shortcode Importer <= 2.2.3 - PHP Object Injection Vulnerability
Deserialization of Untrusted Data vulnerability in Michael Cannon Flickr Shortcode Importer allows Object Injection. This issue affects Flickr Shortcode Importer: from n/a through 2.2.3...
WordPress Altair theme <= 5.2.2 - PHP Object Injection vulnerability
PHP Object Injection vulnerability discovered by Bonds Patchstack Alliance in WordPress Theme Altair versions = 5.2.2...
CVE-2025-27287 WordPress SS Quiz Plugin <= 2.0.5 - PHP Object Injection vulnerability
Deserialization of Untrusted Data vulnerability in ssvadim SS Quiz ssquiz allows Object Injection.This issue affects SS Quiz: from n/a through = 2.0.5...
CVE-2025-32658 WordPress HelpGent plugin <= 2.2.4 - PHP Object Injection vulnerability
Deserialization of Untrusted Data vulnerability in wpWax HelpGent allows Object Injection. This issue affects HelpGent: from n/a through 2.2.4...
CVE-2025-39565
CVE-2025-39565 describes a PHP Object Injection via deserialization of untrusted data in the WordPress plugin MelaPress Login Security . Affected versions are from n/a through 2.1.0. Root cause: deserializing untrusted data that can lead to object injection. Impact per sources is high (confidenti...
WordPress Question Answer plugin <= 1.2.73 - PHP Object Injection vulnerability
PHP Object Injection vulnerability discovered by LVT-tholv2k in WordPress Plugin Question Answer versions = 1.2.73...
CVE-2025-32607 WordPress WpBookingly plugin <= 1.3.0 - PHP Object Injection vulnerability
Deserialization of Untrusted Data vulnerability in magepeopleteam WpBookingly service-booking-manager allows Object Injection.This issue affects WpBookingly: from n/a through = 1.3.0...
CVE-2025-32145 WordPress WpEvently plugin <= 4.3.5 - PHP Object Injection vulnerability
Deserialization of Untrusted Data vulnerability in magepeopleteam WpEvently allows Object Injection. This issue affects WpEvently: from n/a through 4.3.5...
Object Injection
drupal/core is vulnerable to Object Injection. The vulnerability is due to improperly controlled modification of dynamically-determined object attributes, which allows attackers to inject and manipulate objects within the application...