Lucene search
K

8099 matches found

RedhatCVE
RedhatCVE
added 2026/03/06 7:52 a.m.4 views

CVE-2026-22473

Deserialization of Untrusted Data vulnerability in designthemes Dental Clinic dental allows Object Injection.This issue affects Dental Clinic: from n/a through = 3.7...

8.8CVSS5.8AI score0.00368EPSS
Exploits0References1
Patchstack
Patchstack
added 2026/03/06 7:29 a.m.8 views

WordPress Database for Contact Form 7, WPforms, Elementor forms plugin <= 1.4.7 - Unauthenticated PHP Object Injection via 'download_csv' vulnerability

Unauthenticated PHP Object Injection via 'downloadcsv' vulnerability discovered by Chiao-Lin Yu Steven Meow - Trend Micro in WordPress Plugin Contact Form Entries versions = 1.4.7...

9.8CVSS5.8AI score0.00519EPSS
Exploits0References1Affected Software1
EUVD
EUVD
added 2026/03/05 3:30 p.m.5 views

EUVD-2026-9818

The Database for Contact Form 7, WPforms, Elementor forms plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.4.7 via deserialization of untrusted input in the 'downloadcsv' function. This makes it possible for unauthenticated attackers to inject a P...

9.8CVSS6.2AI score0.00519EPSS
Exploits0References5
NVD
NVD
added 2026/03/05 1:16 p.m.10 views

CVE-2026-2599

The Database for Contact Form 7, WPforms, Elementor forms plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.4.7 via deserialization of untrusted input in the 'downloadcsv' function. This makes it possible for unauthenticated attackers to inject a P...

9.8CVSS0.00519EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2026/03/05 12:26 p.m.4 views

CVE-2026-2599 Database for Contact Form 7, WPforms, Elementor forms <= 1.4.7 - Unauthenticated PHP Object Injection via 'download_csv'

The Database for Contact Form 7, WPforms, Elementor forms plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.4.7 via deserialization of untrusted input in the 'downloadcsv' function. This makes it possible for unauthenticated attackers to inject a P...

9.8CVSS6AI score0.00519EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2026/03/05 12:26 p.m.5 views

CVE-2026-2599

The Database for Contact Form 7, WPforms, Elementor forms plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.4.7 via deserialization of untrusted input in the 'downloadcsv' function. This makes it possible for unauthenticated attackers to inject a P...

9.8CVSS6.2AI score0.00519EPSS
Exploits0References5
Cvelist
Cvelist
added 2026/03/05 12:26 p.m.36 views

CVE-2026-2599 Database for Contact Form 7, WPforms, Elementor forms <= 1.4.7 - Unauthenticated PHP Object Injection via 'download_csv'

The Database for Contact Form 7, WPforms, Elementor forms plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.4.7 via deserialization of untrusted input in the 'downloadcsv' function. This makes it possible for unauthenticated attackers to inject a P...

9.8CVSS0.00519EPSS
Exploits0References4
CVE
CVE
added 2026/03/05 12:26 p.m.44 views

CVE-2026-2599

CVE-2026-2599 : The WordPress plugin cluster “Database for Contact Form 7, WPforms, Elementor forms” is affected by an unauthenticated PHP Object Injection via deserialization in the download_csv function (vulnerable through 1.4.7). The vulnerability alone has no impact unless a PHP Object Payloa...

9.8CVSS6.2AI score0.00519EPSS
Exploits0References4
Patchstack
Patchstack
added 2026/03/05 11:42 a.m.5 views

WordPress Morning Records theme <= 1.2 - PHP Object Injection vulnerability

PHP Object Injection vulnerability discovered by Tran Nguyen Bao Khanh VCI - VNPT Cyber Immunity in WordPress Theme Morning Records versions = 1.2...

5.8AI score0.00395EPSS
Exploits0Affected Software1
Patchstack
Patchstack
added 2026/03/05 11:41 a.m.9 views

WordPress m2 | Construction and Tools Store theme <= 1.1.2 - PHP Object Injection vulnerability

PHP Object Injection vulnerability discovered by Tran Nguyen Bao Khanh VCI - VNPT Cyber Immunity in WordPress Theme m2 | Construction and Tools Store versions = 1.1.2...

5.8AI score0.0051EPSS
Exploits0Affected Software1
Patchstack
Patchstack
added 2026/03/05 10:25 a.m.6 views

WordPress Product Feed for WooCommerce plugin <= 2.3.3 - PHP Object Injection vulnerability

PHP Object Injection vulnerability discovered by Mrreee in WordPress Plugin Product Feed for WooCommerce versions = 2.3.3...

5.8AI score0.00503EPSS
Exploits0Affected Software1
Patchstack
Patchstack
added 2026/03/05 10:2 a.m.7 views

WordPress Bus Ticket Booking with Seat Reservation plugin <= 5.6.0 - PHP Object Injection vulnerability

PHP Object Injection vulnerability discovered by daroo in WordPress Plugin Bus Ticket Booking with Seat Reservation versions = 5.6.0...

5.8AI score0.00375EPSS
Exploits0Affected Software1
EUVD
EUVD
added 2026/03/05 6:30 a.m.16 views

EUVD-2026-9760

Deserialization of Untrusted Data vulnerability in ThemeREX Good Energy goodenergy allows Object Injection.This issue affects Good Energy: from n/a through = 1.7.7...

9.8CVSS5.9AI score0.00375EPSS
Exploits0References2
EUVD
EUVD
added 2026/03/05 6:30 a.m.4 views

EUVD-2026-9732

Deserialization of Untrusted Data vulnerability in ThemeREX Pizza House pizzahouse allows Object Injection.This issue affects Pizza House: from n/a through = 1.4.0...

9.8CVSS5.9AI score0.00375EPSS
Exploits0References2
EUVD
EUVD
added 2026/03/05 6:30 a.m.7 views

EUVD-2026-9627

Deserialization of Untrusted Data vulnerability in BoldThemes Celeste celeste allows Object Injection.This issue affects Celeste: from n/a through = 1.3.6...

5.9AI score0.00308EPSS
Exploits0References2
EUVD
EUVD
added 2026/03/05 6:30 a.m.6 views

EUVD-2026-9648

Deserialization of Untrusted Data vulnerability in ThemeREX Tennis Club tennis-sportclub allows Object Injection.This issue affects Tennis Club: from n/a through = 1.2.3...

5.9AI score0.00375EPSS
Exploits0References2
EUVD
EUVD
added 2026/03/05 6:30 a.m.5 views

EUVD-2026-9633

Deserialization of Untrusted Data vulnerability in NextScripts NextScripts social-networks-auto-poster-facebook-twitter-g allows Object Injection.This issue affects NextScripts: from n/a through = 4.4.7...

5.9AI score0.00355EPSS
Exploits0References2
EUVD
EUVD
added 2026/03/05 6:30 a.m.9 views

EUVD-2026-9646

Deserialization of Untrusted Data vulnerability in SeventhQueen Sweet Date sweetdate allows Object Injection.This issue affects Sweet Date: from n/a through 4.0.1...

5.9AI score0.00375EPSS
Exploits0References2
EUVD
EUVD
added 2026/03/05 6:30 a.m.7 views

EUVD-2026-9650

Deserialization of Untrusted Data vulnerability in ThemeREX Dentario dentario allows Object Injection.This issue affects Dentario: from n/a through = 1.5...

5.9AI score0.00375EPSS
Exploits0References2
EUVD
EUVD
added 2026/03/05 6:30 a.m.5 views

EUVD-2026-9649

Deserialization of Untrusted Data vulnerability in ThemeREX Kingler kingler allows Object Injection.This issue affects Kingler: from n/a through = 1.7...

5.9AI score0.00375EPSS
Exploits0References2
Rows per page
Query Builder