WordPress Beelove theme <= 1.2.6 - PHP Object Injection vulnerability

PHP Object Injection vulnerability discovered by Tran Nguyen Bao Khanh VCI - VNPT Cyber Immunity in WordPress Theme Beelove versions = 1.2.6...

WordPress JS Archive List plugin <= 6.1.7 - Authenticated (Contributor+) PHP Object Injection via 'included' Shortcode Attribute vulnerability

Authenticated Contributor+ PHP Object Injection via 'included' Shortcode Attribute vulnerability discovered by WordFence in WordPress Plugin JS Archive List versions = 6.1.7...

VulnCheck KEV: CVE-2019-5434

An attacker could send a specifically crafted payload to the XML-RPC invocation script and trigger the unserialize call on the "what" parameter in the "openads.spc" RPC method. Such vulnerability could be used to perform various types of attacks, e.g. exploit serialize-related PHP vulnerabilities...

CVE-2026-2020

The JS Archive List plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 6.1.7 via the 'included' shortcode attribute. This is due to the deserialization of untrusted input supplied via the 'included' parameter of the plugin's shortcode. This makes it...

EUVD-2026-10098

The JS Archive List plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 6.1.7 via the 'included' shortcode attribute. This is due to the deserialization of untrusted input supplied via the 'included' parameter of the plugin's shortcode. This makes it...

CVE-2026-2020

The JS Archive List plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 6.1.7 via the 'included' shortcode attribute. This is due to the deserialization of untrusted input supplied via the 'included' parameter of the plugin's shortcode. This makes it...

CVE-2026-2020 JS Archive List <= 6.1.7 - Authenticated (Contributor+) PHP Object Injection via 'included' Shortcode Attribute

The JS Archive List plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 6.1.7 via the 'included' shortcode attribute. This is due to the deserialization of untrusted input supplied via the 'included' parameter of the plugin's shortcode. This makes it...

CVE-2026-2020 JS Archive List <= 6.1.7 - Authenticated (Contributor+) PHP Object Injection via 'included' Shortcode Attribute

The JS Archive List plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 6.1.7 via the 'included' shortcode attribute. This is due to the deserialization of untrusted input supplied via the 'included' parameter of the plugin's shortcode. This makes it...

CVE-2026-2020

The JS Archive List plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 6.1.7 via the 'included' shortcode attribute. This is due to the deserialization of untrusted input supplied via the 'included' parameter of the plugin's shortcode. This makes it...

CVE-2026-2020

The WordPress JS Archive List plugin (all versions up to 6.1.7) is vulnerable to PHP Object Injection via the shortcodes’ included attribute. The vulnerability arises from deserializing untrusted input, enabling authenticated attackers with Contributor-level access or higher to inject a PHP objec...

WordPress plugin JS Archive List 代码问题漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. There we...

PT-2026-23813

Name of the Vulnerable Software and Affected Versions WordPress JS Archive List plugin versions up to and including 6.1.7 Description The JS Archive List plugin for WordPress is susceptible to PHP Object Injection through the 'included' shortcode attribute. This occurs because of the...

CVE-2026-2599

The Database for Contact Form 7, WPforms, Elementor forms plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.4.7 via deserialization of untrusted input in the 'downloadcsv' function. This makes it possible for unauthenticated attackers to inject a P...

CVE-2025-54001

Deserialization of Untrusted Data vulnerability in ThemeREX Classter classter allows Object Injection.This issue affects Classter: from n/a through = 2.5...

CVE-2026-23798

Deserialization of Untrusted Data vulnerability in blubrry PowerPress Podcasting powerpress allows Object Injection.This issue affects PowerPress Podcasting: from n/a through = 11.15.10...

CVE-2026-27417

Deserialization of Untrusted Data vulnerability in SeventhQueen Sweet Date sweetdate allows Object Injection.This issue affects Sweet Date: from n/a through 4.0.1...

CVE-2026-27439

Deserialization of Untrusted Data vulnerability in ThemeREX Dentario dentario allows Object Injection.This issue affects Dentario: from n/a through = 1.5...

CVE-2026-27369

Deserialization of Untrusted Data vulnerability in BoldThemes Celeste celeste allows Object Injection.This issue affects Celeste: from n/a through = 1.3.6...

CVE-2026-27338

Deserialization of Untrusted Data vulnerability in AivahThemes Car Zone carzone allows Object Injection.This issue affects Car Zone: from n/a through = 3.7...

CVE-2026-27437

Deserialization of Untrusted Data vulnerability in ThemeREX Tennis Club tennis-sportclub allows Object Injection.This issue affects Tennis Club: from n/a through = 1.2.3...