CVE-2026-1426

The Advanced AJAX Product Filters plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 3.1.9.6 via deserialization of untrusted input in the shortcodecheck function within the Live Composer compatibility layer. This makes it possible for authenticated...

CVE-2026-1426 Advanced AJAX Product Filters <= 3.1.9.6 - Authenticated (Author+) PHP Object Injection via Live Composer Compatibility

The Advanced AJAX Product Filters plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 3.1.9.6 via deserialization of untrusted input in the shortcodecheck function within the Live Composer compatibility layer. This makes it possible for authenticated...

CVE-2026-1426 Advanced AJAX Product Filters <= 3.1.9.6 - Authenticated (Author+) PHP Object Injection via Live Composer Compatibility

The Advanced AJAX Product Filters plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 3.1.9.6 via deserialization of untrusted input in the shortcodecheck function within the Live Composer compatibility layer. This makes it possible for authenticated...

CVE-2026-1426

Technical details about CVE-2026-1426 are not publicly provided in the supplied documents; monitor for updates.

WordPress WpEvently plugin <= 5.1.1 - PHP Object Injection vulnerability

PHP Object Injection vulnerability discovered by Phat RiO in WordPress Plugin WpEvently versions = 5.1.1...

WordPress Valenti theme <= 5.6.3.5 - PHP Object Injection vulnerability

PHP Object Injection vulnerability discovered by João Pedro S Alcântara Kinorth in WordPress Theme Valenti versions = 5.6.3.5...

WordPress Grand Restaurant theme <= 7.0.10 - PHP Object Injection vulnerability

PHP Object Injection vulnerability discovered by João Pedro S Alcântara Kinorth in WordPress Theme Grand Restaurant versions = 7.0.10...

PT-2026-20435

Deserialization of Untrusted Data vulnerability in OpenText™ Directory Services allows Object Injection. The vulnerability could lead to remote code execution, denial of service, or privilege escalation. This issue affects Directory Services: from 10.5 through 26.1...

WordPress plugin Advanced AJAX Product Filters 代码问题漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. There is...

PT-2026-20422

The Advanced AJAX Product Filters plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 3.1.9.6 via deserialization of untrusted input in the shortcode check function within the Live Composer compatibility layer. This makes it possible for authenticated...

WordPress Applay - Shortcodes plugin <= 3.7 - PHP Object Injection vulnerability

WordPress Applay - Shortcodes plugin = 3.7 - PHP Object Injection vulnerability discovered by João Pedro S Alcântara Kinorth in WordPress Plugin Applay - Shortcodes versions = 3.7...

WordPress Ippsum theme <= 1.2.0 - PHP Object Injection vulnerability

PHP Object Injection vulnerability discovered by Bonds in WordPress Theme Ippsum versions = 1.2.0...

WordPress wpForo Forum plugin <= 2.4.13 - Authenticated (Subscriber+) PHP Object Injection vulnerability

Authenticated Subscriber+ PHP Object Injection vulnerability discovered by Webbernaut in WordPress Plugin wpForo Forum versions = 2.4.13...

WordPress Woocommerce Category Banner Management plugin <= 2.5.1 - PHP Object Injection vulnerability

PHP Object Injection vulnerability discovered by Muhammad Yudha - DJ in WordPress Plugin Woocommerce Category Banner Management versions = 2.5.1...

WordPress WP eCommerce plugin <= 3.15.1 - Unauthenticated PHP Object Injection vulnerability

Unauthenticated PHP Object Injection vulnerability discovered by yiğit ibrahim sağlam in WordPress Plugin WP eCommerce versions = 3.15.1...

CVE-2026-0910

The wpForo Forum plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 2.4.13 via deserialization of untrusted input in the 'wpforodisplayarraydata' function. This makes it possible for authenticated attackers, with Subscriber-level access and above, to...

CVE-2026-1235

The WP eCommerce WordPress plugin through 3.15.1 unserializes user input via ajax actions, which could allow unauthenticated users to perform PHP Object Injection when a suitable gadget is present on the blog...

CVE-2026-0910

The wpForo Forum plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 2.4.13 via deserialization of untrusted input in the 'wpforodisplayarraydata' function. This makes it possible for authenticated attackers, with Subscriber-level access and above, to...

CVE-2026-0910

wpForo Forum plugin for WordPress (versions up to 2.4.13) is vulnerable to PHP Object Injection via deserialization in wpforo_display_array_data. Exploitation requires an authenticated user with Subscriber-level access or higher. A POP chain must be present in another plugin or theme for practica...

CVE-2026-0910 wpForo Forum <= 2.4.13 - Authenticated (Subscriber+) PHP Object Injection

The wpForo Forum plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 2.4.13 via deserialization of untrusted input in the 'wpforodisplayarraydata' function. This makes it possible for authenticated attackers, with Subscriber-level access and above, to...