8069 matches found
CVE-2026-0910 wpForo Forum <= 2.4.13 - Authenticated (Subscriber+) PHP Object Injection
The wpForo Forum plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 2.4.13 via deserialization of untrusted input in the 'wpforodisplayarraydata' function. This makes it possible for authenticated attackers, with Subscriber-level access and above, to...
WordPress Slider Responsive Slideshow – Image slider, Gallery slideshow plugin <= 1.5.4 - PHP Object Injection vulnerability
PHP Object Injection vulnerability discovered by Muhammad Yudha - DJ in WordPress Plugin Slider Responsive Slideshow – Image slider, Gallery slideshow versions = 1.5.4...
WordPress Image Gallery – Lightbox Gallery, Responsive Photo Gallery, Masonry Gallery plugin <= 1.6.0 - PHP Object Injection vulnerability
PHP Object Injection vulnerability discovered by Muhammad Yudha - DJ in WordPress Plugin Image Gallery – Lightbox Gallery, Responsive Photo Gallery, Masonry Gallery versions = 1.6.0...
WordPress Lorem Ipsum | Books & Media Store theme <= 1.2.6 - PHP Object Injection vulnerability
PHP Object Injection vulnerability discovered by Tran Nguyen Bao Khanh VCI - VNPT Cyber Immunity in WordPress Theme Lorem Ipsum | Books & Media Store versions = 1.2.6...
WordPress Extreme Store theme <= 1.5.7 - PHP Object Injection vulnerability
PHP Object Injection vulnerability discovered by Tran Nguyen Bao Khanh VCI - VNPT Cyber Immunity in WordPress Theme Extreme Store versions = 1.5.7...
WordPress Prestige theme < 1.4.1 - PHP Object Injection vulnerability
PHP Object Injection vulnerability discovered by Phat RiO - BlueRock in WordPress Theme Prestige versions 1.4.1...
WordPress Modal Popup Box plugin <= 1.6.1 - PHP Object Injection vulnerability
PHP Object Injection vulnerability discovered by Muhammad Yudha - DJ in WordPress Plugin Modal Popup Box versions = 1.6.1...
CVE-2026-1235 WP eCommerce <= 3.15.1 - Unauthenticated PHP Object Injection
The WP eCommerce WordPress plugin through 3.15.1 unserializes user input via ajax actions, which could allow unauthenticated users to perform PHP Object Injection when a suitable gadget is present on the blog...
CVE-2026-1235
The WP eCommerce WordPress plugin through 3.15.1 unserializes user input via ajax actions, which could allow unauthenticated users to perform PHP Object Injection when a suitable gadget is present on the blog...
CVE-2026-1235
CVE-2026-1235 concerns the WP eCommerce WordPress plugin (<= 3.15.1). The vulnerability arises from unserializing user input via AJAX actions, which could allow unauthenticated users to perform PHP Object Injection when a suitable gadget is present on the blog. Affected software is explicitly ...
CVE-2026-1235 WP eCommerce <= 3.15.1 - Unauthenticated PHP Object Injection
The WP eCommerce WordPress plugin through 3.15.1 unserializes user input via ajax actions, which could allow unauthenticated users to perform PHP Object Injection when a suitable gadget is present on the blog...
WordPress plugin WP eCommerce 安全漏洞
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. There is...
WordPress plugin wpForo Forum 代码问题漏洞
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. There is...
PT-2026-7487
The WP eCommerce WordPress plugin through 3.15.1 unserializes user input via ajax actions, which could allow unauthenticated users to perform PHP Object Injection when a suitable gadget is present on the blog...
Prototype Pollution
Overview org.webjars.npm:axios is a promise-based HTTP client for the browser and Node.js. Affected versions of this package are vulnerable to Prototype Pollution via the mergeConfig function. An attacker can cause the application to crash by supplying a malicious configuration object containing ...
WordPress Travelicious theme < 1.6.7 - PHP Object Injection vulnerability
PHP Object Injection vulnerability discovered by João Pedro S Alcântara Kinorth in WordPress Theme Travelicious versions 1.6.7...
WordPress Nestin theme < 1.2.6 - PHP Object Injection vulnerability
PHP Object Injection vulnerability discovered by João Pedro S Alcântara Kinorth in WordPress Theme Nestin versions 1.2.6...
WordPress PatioTime theme < 2.1 - PHP Object Injection vulnerability
PHP Object Injection vulnerability discovered by João Pedro S Alcântara Kinorth in WordPress Theme PatioTime versions 2.1...
WordPress Booking and Rental Manager plugin <= 2.5.9 - PHP Object Injection vulnerability
PHP Object Injection vulnerability discovered by Phat RiO - BlueRock in WordPress Plugin Booking and Rental Manager versions = 2.5.9...
WordPress Themesflat Elementor plugin <= 1.0.1 - PHP Object Injection vulnerability
PHP Object Injection vulnerability discovered by Phat RiO - BlueRock in WordPress Plugin Themesflat Elementor versions = 1.0.1...