CVE-2026-25614

Blesta 3.x through 5.x before 5.13.3 allows object injection, aka CORE-5680...

CVE-2026-24954

Deserialization of Untrusted Data vulnerability in magepeopleteam WpEvently mage-eventpress allows Object Injection.This issue affects WpEvently: from n/a through = 5.0.8...

CVE-2026-24954

Deserialization of Untrusted Data vulnerability in magepeopleteam WpEvently mage-eventpress allows Object Injection.This issue affects WpEvently: from n/a through = 5.0.8...

EUVD-2026-5193

Deserialization of Untrusted Data vulnerability in magepeopleteam WpEvently mage-eventpress allows Object Injection.This issue affects WpEvently: from n/a through = 5.0.8...

CVE-2026-24954 WordPress WpEvently plugin <= 5.0.8 - Deserialization of untrusted data vulnerability

Deserialization of Untrusted Data vulnerability in magepeopleteam WpEvently mage-eventpress allows Object Injection.This issue affects WpEvently: from n/a through = 5.0.8...

CVE-2026-24954

CVE-2026-24954 concerns the WordPress plugin WpEvently mage-eventpress. The vulnerability is due to deserialization of untrusted data, enabling object injection in the affected software. Affected versions are n/a through 5.0.8 for WpEvently mage-eventpress. Public records consistently describe th...

CVE-2026-24954 WordPress WpEvently plugin <= 5.0.8 - Deserialization of untrusted data vulnerability

Deserialization of Untrusted Data vulnerability in magepeopleteam WpEvently mage-eventpress allows Object Injection.This issue affects WpEvently: from n/a through = 5.0.8...

WordPress SevenHills theme <= 1.6.2 - PHP Object Injection vulnerability

PHP Object Injection vulnerability discovered by Tran Nguyen Bao Khanh VCI - VNPT Cyber Immunity in WordPress Theme SevenHills versions = 1.6.2...

PT-2026-6332

Name of the Vulnerable Software and Affected Versions Blesta versions 3.x through 5.x before 5.13.3 Description The software contains a flaw that allows for object injection. This issue is also identified as CORE-5668. Recommendations Update to version 5.13.3 or later...

VulnCheck KEV: CVE-2024-12877

The GiveWP – Donation Plugin and Fundraising Platform plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 3.19.2 via deserialization of untrusted input from the donation form like 'firstName'. This makes it possible for unauthenticated attackers to...

PT-2026-6223

Name of the Vulnerable Software and Affected Versions WpEvently versions n/a through 5.0.8 Description The software contains a flaw due to deserialization of untrusted data, which allows for object injection. This issue impacts WpEvently mage-eventpress. Recommendations Update WpEvently to a...

Blesta 代码问题漏洞

Blesta is a customer relationship management system developed by Blesta Inc. Versions of Blesta prior to 5.13.3 contained a code vulnerability caused by object injection...

PT-2026-6331

Name of the Vulnerable Software and Affected Versions Blesta versions 3.x through 5.x before 5.13.3 Description The software contains a flaw that allows for object injection. This issue is also known as CORE-5680. Recommendations Update to version 5.13.3 or later...

WordPress plugin WpEvently 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. The...

Blesta 代码问题漏洞

Blesta is a customer relationship management system developed by Blesta Inc. Versions of Blesta prior to 5.13.3 contained a code vulnerability caused by object injection...

CVE-2026-24737

jsPDF is a library to generate PDFs in JavaScript. Prior to 4.1.0, user control of properties and methods of the Acroform module allows users to inject arbitrary PDF objects, such as JavaScript actions. If given the possibility to pass unsanitized input to one of the following methods or...

CVE-2026-24737

The CVE concerns jsPDF prior to 4.1.0, where control over Acroform module properties/methods (notably AcroformChoiceField.addOption, AcroformChoiceField.setOptions, AcroFormCheckBox.appearanceState, and AcroFormRadioButton.appearanceState) allowed injection of arbitrary PDF objects, including Jav...

jsPDF has PDF Injection in AcroFormChoiceField that allows Arbitrary JavaScript Execution

Impact User control of properties and methods of the Acroform module allows users to inject arbitrary PDF objects, such as JavaScript actions. If given the possibility to pass unsanitized input to one of the following methods or properties, a user can inject arbitrary PDF objects, such as...

WordPress Ultimate Store Kit Elementor Addons, Woocommerce Builder, EDD Builder, Elementor Store Builder, Product Grid, Product Table, Woocommerce Slider plugin <= 1.6.4 - Unauthenticated PHP Object Injection vulnerability

Unauthenticated PHP Object Injection vulnerability discovered by Peter Thaleikis in WordPress Plugin Ultimate Store Kit Elementor Addons versions = 1.6.4...

WordPress GiveWP - Donation Plugin and Fundraising Platform plugin <= 3.14.1 - Unauthenticated PHP Object Injection to Remote Code Execution vulnerability

WordPress GiveWP - Donation Plugin and Fundraising Platform plugin = 3.14.1 - Unauthenticated PHP Object Injection to Remote Code Execution vulnerability discovered by villu164 in WordPress Plugin GiveWP versions = 3.14.1...