8067 matches found
CVE-2026-22474
Deserialization of Untrusted Data vulnerability in ThemeREX Equestrian Centre equestrian-centre allows Object Injection.This issue affects Equestrian Centre: from n/a through = 1.5...
CVE-2026-22475
Deserialization of Untrusted Data vulnerability in axiomthemes Estate estate allows Object Injection.This issue affects Estate: from n/a through = 1.3.4...
CVE-2026-22417
Deserialization of Untrusted Data vulnerability in ThemeGoods Grand Wedding grandwedding allows Object Injection.This issue affects Grand Wedding: from n/a through 3.1.11...
CVE-2026-22471
Deserialization of Untrusted Data vulnerability in maximsecudeal Secudeal Payments for Ecommerce secudeal-payments-for-ecommerce allows Object Injection.This issue affects Secudeal Payments for Ecommerce: from n/a through = 1.1...
CVE-2026-22453
Deserialization of Untrusted Data vulnerability in ThemeREX Pets Club petclub allows Object Injection.This issue affects Pets Club: from n/a through = 2.3...
CVE-2026-22497
Deserialization of Untrusted Data vulnerability in AncoraThemes Jardi jardi allows Object Injection.This issue affects Jardi: from n/a through = 1.7.2...
CVE-2026-22473
Deserialization of Untrusted Data vulnerability in designthemes Dental Clinic dental allows Object Injection.This issue affects Dental Clinic: from n/a through = 3.7...
CVE-2026-22501
Deserialization of Untrusted Data vulnerability in axiomthemes Mounthood mounthood allows Object Injection.This issue affects Mounthood: from n/a through = 1.3.2...
CVE-2026-22451
Deserialization of Untrusted Data vulnerability in AncoraThemes Handyman handyman-services allows Object Injection.This issue affects Handyman: from n/a through = 1.4.7...
WordPress Database for Contact Form 7, WPforms, Elementor forms plugin <= 1.4.7 - Unauthenticated PHP Object Injection via 'download_csv' vulnerability
Unauthenticated PHP Object Injection via 'downloadcsv' vulnerability discovered by Chiao-Lin Yu Steven Meow - Trend Micro in WordPress Plugin Contact Form Entries versions = 1.4.7...
EUVD-2026-9818
The Database for Contact Form 7, WPforms, Elementor forms plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.4.7 via deserialization of untrusted input in the 'downloadcsv' function. This makes it possible for unauthenticated attackers to inject a P...
CVE-2026-2599
The Database for Contact Form 7, WPforms, Elementor forms plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.4.7 via deserialization of untrusted input in the 'downloadcsv' function. This makes it possible for unauthenticated attackers to inject a P...
CVE-2026-2599 Database for Contact Form 7, WPforms, Elementor forms <= 1.4.7 - Unauthenticated PHP Object Injection via 'download_csv'
The Database for Contact Form 7, WPforms, Elementor forms plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.4.7 via deserialization of untrusted input in the 'downloadcsv' function. This makes it possible for unauthenticated attackers to inject a P...
CVE-2026-2599
The Database for Contact Form 7, WPforms, Elementor forms plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.4.7 via deserialization of untrusted input in the 'downloadcsv' function. This makes it possible for unauthenticated attackers to inject a P...
CVE-2026-2599 Database for Contact Form 7, WPforms, Elementor forms <= 1.4.7 - Unauthenticated PHP Object Injection via 'download_csv'
The Database for Contact Form 7, WPforms, Elementor forms plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.4.7 via deserialization of untrusted input in the 'downloadcsv' function. This makes it possible for unauthenticated attackers to inject a P...
CVE-2026-2599
CVE-2026-2599 : The WordPress plugin cluster “Database for Contact Form 7, WPforms, Elementor forms” is affected by an unauthenticated PHP Object Injection via deserialization in the download_csv function (vulnerable through 1.4.7). The vulnerability alone has no impact unless a PHP Object Payloa...
WordPress Morning Records theme <= 1.2 - PHP Object Injection vulnerability
PHP Object Injection vulnerability discovered by Tran Nguyen Bao Khanh VCI - VNPT Cyber Immunity in WordPress Theme Morning Records versions = 1.2...
WordPress m2 | Construction and Tools Store theme <= 1.1.2 - PHP Object Injection vulnerability
PHP Object Injection vulnerability discovered by Tran Nguyen Bao Khanh VCI - VNPT Cyber Immunity in WordPress Theme m2 | Construction and Tools Store versions = 1.1.2...
WordPress Product Feed for WooCommerce plugin <= 2.3.3 - PHP Object Injection vulnerability
PHP Object Injection vulnerability discovered by Mrreee in WordPress Plugin Product Feed for WooCommerce versions = 2.3.3...
WordPress Bus Ticket Booking with Seat Reservation plugin <= 5.6.0 - PHP Object Injection vulnerability
PHP Object Injection vulnerability discovered by daroo in WordPress Plugin Bus Ticket Booking with Seat Reservation versions = 5.6.0...