8067 matches found
CVE-2026-22474 WordPress Equestrian Centre theme <= 1.5 - PHP Object Injection vulnerability
Deserialization of Untrusted Data vulnerability in ThemeREX Equestrian Centre equestrian-centre allows Object Injection.This issue affects Equestrian Centre: from n/a through = 1.5...
CVE-2026-22473 WordPress Dental Clinic theme <= 3.7 - PHP Object Injection vulnerability
Deserialization of Untrusted Data vulnerability in designthemes Dental Clinic dental allows Object Injection.This issue affects Dental Clinic: from n/a through = 3.7...
CVE-2026-22471 WordPress Secudeal Payments for Ecommerce plugin <= 1.1 - PHP Object Injection vulnerability
Deserialization of Untrusted Data vulnerability in maximsecudeal Secudeal Payments for Ecommerce secudeal-payments-for-ecommerce allows Object Injection.This issue affects Secudeal Payments for Ecommerce: from n/a through = 1.1...
CVE-2026-22475 WordPress Estate theme <= 1.3.4 - PHP Object Injection vulnerability
Deserialization of Untrusted Data vulnerability in axiomthemes Estate estate allows Object Injection.This issue affects Estate: from n/a through = 1.3.4...
CVE-2026-22471 WordPress Secudeal Payments for Ecommerce plugin <= 1.1 - PHP Object Injection vulnerability
Deserialization of Untrusted Data vulnerability in maximsecudeal Secudeal Payments for Ecommerce secudeal-payments-for-ecommerce allows Object Injection.This issue affects Secudeal Payments for Ecommerce: from n/a through = 1.1...
CVE-2026-22473
CVE-2026-22473 affects the WordPress theme Dental Clinic (Designthemes) up to version 3.7. It is a Deserialization of Untrusted Data (PHP Object Injection) vulnerability that can be exploited by an authenticated attacker (Subscriber+) and has a high risk profile (CVSS 3.1: 8.8). Current connected...
CVE-2026-22475
CVE-2026-22475 describes a deserialization of untrusted data vulnerability in the WordPress theme Estate (vulnerable from n/a to 1.3.4). The root cause is unauthenticated PHP Object Injection due to deserializing untrusted input, enabling potential manipulation of objects within Estate. The CVSSv...
CVE-2026-22474 WordPress Equestrian Centre theme <= 1.5 - PHP Object Injection vulnerability
Deserialization of Untrusted Data vulnerability in ThemeREX Equestrian Centre equestrian-centre allows Object Injection.This issue affects Equestrian Centre: from n/a through = 1.5...
CVE-2026-22471
CVE-2026-22471 concerns the WordPress plugin Secudeal Payments for Ecommerce (versions n/a through 1.1). The issue is a PHP Object Injection via deserialization of untrusted data in the plugin, as described in the CVE entry. Connected sources confirm this vulnerability exists in Secudeal Payments...
CVE-2026-22473 WordPress Dental Clinic theme <= 3.7 - PHP Object Injection vulnerability
Deserialization of Untrusted Data vulnerability in designthemes Dental Clinic dental allows Object Injection.This issue affects Dental Clinic: from n/a through = 3.7...
CVE-2026-22454 WordPress Solaris theme <= 2.5 - PHP Object Injection vulnerability
Deserialization of Untrusted Data vulnerability in ThemeREX Solaris solaris allows Object Injection.This issue affects Solaris: from n/a through = 2.5...
CVE-2026-22453
CVE-2026-22453 is a deserialization-based PHP Object Injection vulnerability in the ThemeREX Pets Club WordPress theme (Pets Club) affecting versions up to 2.3. The issue arises from deserializing untrusted data, enabling object injection. The vulnerability is rated critical (CVSS 3.1 9.8) with n...
CVE-2026-22453 WordPress Pets Club theme <= 2.3 - PHP Object Injection vulnerability
Deserialization of Untrusted Data vulnerability in ThemeREX Pets Club petclub allows Object Injection.This issue affects Pets Club: from n/a through = 2.3...
CVE-2026-22453 WordPress Pets Club theme <= 2.3 - PHP Object Injection vulnerability
Deserialization of Untrusted Data vulnerability in ThemeREX Pets Club petclub allows Object Injection.This issue affects Pets Club: from n/a through = 2.3...
CVE-2026-22454 WordPress Solaris theme <= 2.5 - PHP Object Injection vulnerability
Deserialization of Untrusted Data vulnerability in ThemeREX Solaris solaris allows Object Injection.This issue affects Solaris: from n/a through = 2.5...
CVE-2026-22454
CVE-2026-22454 describes a Deserialization of Untrusted Data vulnerability in ThemeREX Solaris WordPress theme, enabling PHP Object Injection. Affected software is Solaris versions n/a through 2.5. The CVE entry indicates a high-impact issue with a CVSS v3.1 base score of 9.8 (Network, Low comple...
CVE-2026-22451 WordPress Handyman theme <= 1.4.7 - PHP Object Injection vulnerability
Deserialization of Untrusted Data vulnerability in AncoraThemes Handyman handyman-services allows Object Injection.This issue affects Handyman: from n/a through = 1.4.7...
CVE-2026-22451
CVE-2026-22451: WordPress Handyman theme Handyman (handyman-services) is affected by a Deserialization of Untrusted Data vulnerability enabling PHP Object Injection. The vulnerability affects Handyman versions up to 1.4.7 and is described as unauthenticated, with a CVSS v3.1 base score of 9.8 (CR...
CVE-2026-22451 WordPress Handyman theme <= 1.4.7 - PHP Object Injection vulnerability
Deserialization of Untrusted Data vulnerability in AncoraThemes Handyman handyman-services allows Object Injection.This issue affects Handyman: from n/a through = 1.4.7...
CVE-2026-22417
CVE-2026-22417 describes a deserialization of untrusted data vulnerability in the WordPress theme Grand Wedding (versions through 3.1.0). The issue enables unauthenticated PHP Object Injection via deserialization, with a CVSS v3.1 score of 9.8 (CRITICAL) and NETWORK attack vector, as reported by ...