CVE-2025-68531

CVE-2025-68531 applies to ModelTheme Addons for WPBakery and Elementor (modeltheme-addons-for-wpbakery). Deserialization of untrusted data allows PHP object injection in versions before 1.5.6; authenticated (Contributor+) exploit shown in PT-2026 advisories. Patch: upgrade to v1.5.6 or later. Imp...

CVE-2025-68531 WordPress ModelTheme Addons for WPBakery and Elementor plugin < 1.5.6 - PHP Object Injection vulnerability

Deserialization of Untrusted Data vulnerability in modeltheme ModelTheme Addons for WPBakery and Elementor modeltheme-addons-for-wpbakery allows Object Injection.This issue affects ModelTheme Addons for WPBakery and Elementor: from n/a through 1.5.6...

CVE-2025-68526

CVE-2025-68526 concerns the WordPress plugin Modal Popup Box (versions up to 1.6.1). The vulnerability is a deserialization of untrusted data leading to PHP object injection, causing full impact on confidentiality, integrity, and availability as described (CVSS 3.1 base score 8.8, high impact). A...

CVE-2025-68531 WordPress ModelTheme Addons for WPBakery and Elementor plugin < 1.5.6 - PHP Object Injection vulnerability

Deserialization of Untrusted Data vulnerability in modeltheme ModelTheme Addons for WPBakery and Elementor modeltheme-addons-for-wpbakery allows Object Injection.This issue affects ModelTheme Addons for WPBakery and Elementor: from n/a through 1.5.6...

CVE-2025-68526 WordPress Modal Popup Box plugin <= 1.6.1 - PHP Object Injection vulnerability

Deserialization of Untrusted Data vulnerability in A WP Life Modal Popup Box modal-popup-box allows Object Injection.This issue affects Modal Popup Box: from n/a through = 1.6.1...

CVE-2025-67997 WordPress Travelicious theme < 1.6.7 - PHP Object Injection vulnerability

Deserialization of Untrusted Data vulnerability in BoldThemes Travelicious travelicious allows Object Injection.This issue affects Travelicious: from n/a through 1.6.7...

CVE-2025-67996 WordPress Nestin theme < 1.2.6 - PHP Object Injection vulnerability

Deserialization of Untrusted Data vulnerability in BoldThemes Nestin nestin allows Object Injection.This issue affects Nestin: from n/a through 1.2.6...

CVE-2025-67997 WordPress Travelicious theme < 1.6.7 - PHP Object Injection vulnerability

Deserialization of Untrusted Data vulnerability in BoldThemes Travelicious travelicious allows Object Injection.This issue affects Travelicious: from n/a through 1.6.7...

CVE-2025-67995 WordPress PatioTime theme < 2.1 - PHP Object Injection vulnerability

Deserialization of Untrusted Data vulnerability in LoftOcean PatioTime patiotime allows Object Injection.This issue affects PatioTime: from n/a through 2.1...

CVE-2025-67997

Travelicious theme (WordPress) ≤ 1.6.6 is affected by a Deserialization of Untrusted Data PHP Object Injection vulnerability due to object deserialization in Travelicious (Travelicious) that allows unauthenticated exploitation. Affected software: Travelicious: from n/a through

CVE-2025-67996 WordPress Nestin theme < 1.2.6 - PHP Object Injection vulnerability

Deserialization of Untrusted Data vulnerability in BoldThemes Nestin nestin allows Object Injection.This issue affects Nestin: from n/a through 1.2.6...

CVE-2025-67995 WordPress PatioTime theme < 2.1 - PHP Object Injection vulnerability

Deserialization of Untrusted Data vulnerability in LoftOcean PatioTime patiotime allows Object Injection.This issue affects PatioTime: from n/a through 2.1...

CVE-2025-67996

CVE-2025-67996 : WordPress Nestin theme &lt; 1.2.6 suffers a Deserialization of Untrusted Data vulnerability leading to PHP Object Injection. Red Hat and NVD entries corroborate the issue, referring to Nestin’s affected range as “Nestin: from n/a through

CVE-2025-67995

The CVE-2025-67995 entry concerns PatioTime (WordPress theme by LoftOcean) &lt; 2.1, where deserialization of untrusted data enables PHP object injection. This aligns with Red Hat/NVD/NVD-enriched records and related Patchstack entries listing PatioTime

CVE-2026-25316

Deserialization of Untrusted Data vulnerability in Brainstorm Force CartFlows cartflows allows Object Injection.This issue affects CartFlows: from n/a through = 2.1.19...

CVE-2026-23542

Deserialization of Untrusted Data vulnerability in ThemeGoods Grand Restaurant grandrestaurant allows Object Injection.This issue affects Grand Restaurant: from n/a through = 7.0.10...

CVE-2026-23544

Deserialization of Untrusted Data vulnerability in codetipi Valenti valenti allows Object Injection.This issue affects Valenti: from n/a through = 5.6.3.5...

CVE-2026-23549

Deserialization of Untrusted Data vulnerability in magepeopleteam WpEvently mage-eventpress allows Object Injection.This issue affects WpEvently: from n/a through = 5.1.1...

CVE-2026-22333

Deserialization of Untrusted Data vulnerability in YITHEMES YITH WooCommerce Compare yith-woocommerce-compare allows Object Injection.This issue affects YITH WooCommerce Compare: from n/a through = 3.6.0...

WordPress plugin Ippsum 代码问题漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. WordPres...