8069 matches found
CVE-2026-24954
Deserialization of Untrusted Data vulnerability in magepeopleteam WpEvently mage-eventpress allows Object Injection.This issue affects WpEvently: from n/a through = 5.0.8...
CVE-2026-25615
Blesta 3.x through 5.x before 5.13.3 allows object injection, aka CORE-5668...
CVE-2026-25614
Blesta 3.x through 5.x before 5.13.3 allows object injection, aka CORE-5680...
WordPress Contact Manager plugin <= 9.1.1 - PHP Object Injection vulnerability
PHP Object Injection vulnerability discovered by Skalucy in WordPress Plugin Contact Manager versions = 9.1.1...
UNA CMS <= 14.0.0-RC4 - PHP Object Injection
The vulnerability is located in the /template/scripts/BxBaseMenuSetAclLevel.php script. Specifically, within the BxBaseMenuSetAclLevel::getCode method. When calling this method, user input passed through the "profileid" POST parameter is not properly sanitized before being used in a call to the...
📄 Blesta 5.13.1 2Checkout PHP Object Injection
Blesta versions 3.0.0 through 5.13.1 suffer from a 2Checkout PHP object injection vulnerability. The vulnerabilities exist because user input passed through the invoices POST parameter or the item-ext-ref GET parameter when dispatching the Checkout2::validate or Checkout2::success method is not...
📄 Blesta 5.13.1 Admin Interface PHP Object Injection
Blesta versions 3.0.0 through 5.13.1 suffer from an administrative interface PHP object injection vulnerability. The vulnerabilities exist because user input passed through the vars and orderinfo POST parameters when dispatching the /app/controllers/adminclients.php script, and through the...
CVE-2026-25615
Blesta 3.x through 5.x before 5.13.3 allows object injection, aka CORE-5668...
CVE-2026-25615
Blesta 3.x through 5.x before 5.13.3 allows object injection, aka CORE-5668...
CVE-2026-25614
Blesta 3.x through 5.x before 5.13.3 allows object injection, aka CORE-5680...
CVE-2026-25614
Blesta 3.x through 5.x before 5.13.3 allows object injection, aka CORE-5680...
CVE-2026-25615
Blesta 3.x through 5.x before 5.13.3 allows object injection, aka CORE-5668...
CVE-2026-25615
Blesta 3.x through 5.x before 5.13.3 allows object injection, aka CORE-5668...
EUVD-2026-5171
Blesta 3.x through 5.x before 5.13.3 allows object injection, aka CORE-5668...
CVE-2026-25615
Blesta 3.x–5.x prior to 5.13.3 is affected by CVE-2026-25615 (CORE-5668), a PHP object-injection vulnerability. Public details describe vulnerability through admin interfaces (admin_clients.php and admin_company_groups.php) where unserialize() is applied to unsanitized input, enabling injection o...
CVE-2026-25615
Blesta 3.x through 5.x before 5.13.3 allows object injection, aka CORE-5668...
CVE-2026-25614
Blesta 3.x through 5.x before 5.13.3 allows object injection, aka CORE-5680...
EUVD-2026-5170
Blesta 3.x through 5.x before 5.13.3 allows object injection, aka CORE-5680...
CVE-2026-25614
Blesta 3.x through 5.x before 5.13.3 allows object injection, aka CORE-5680...
CVE-2026-25614
Blesta 3.x–5.x prior to 5.13.3 is affected by an object injection vulnerability (CORE-5680). User input passed via invoices (POST) or item-ext-ref (GET) can reach unserialize() in Checkout2::validate()/Checkout2::success(), allowing arbitrary PHP objects to be injected. This enables potential rem...