WordPress ProfileGrid plugin <= 5.9.4.5 - Authenticated (Subscriber+) PHP Object Injection vulnerability

Authenticated Subscriber+ PHP Object Injection vulnerability discovered by Phat RiO - BlueRock in WordPress Plugin ProfileGrid versions = 5.9.4.5...

WordPress Live Composer plugin <= 2.0.2 - Authenticated (Contributor+) PHP Object Injection via dslc_module_posts_output Shortcode vulnerability

Authenticated Contributor+ PHP Object Injection via dslcmodulepostsoutput Shortcode vulnerability discovered by Athiwat Tiprasaharn Jitlada in WordPress Plugin Page Builder: Live Composer versions = 2.0.2...

WordPress ZoomSounds - WordPress Wave Audio Player with Playlist plugin <= 6.91 - Unauthenticated PHP Object Injection vulnerability

WordPress ZoomSounds - WordPress Wave Audio Player with Playlist plugin = 6.91 - Unauthenticated PHP Object Injection vulnerability discovered by Lucio Sá in WordPress Plugin ZoomSounds versions = 6.91...

WordPress Directory Listings WordPress plugin - uListing plugin <= 2.2.0 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Post Meta Update and PHP Object Injection vulnerability

WordPress Directory Listings WordPress plugin - uListing plugin = 2.2.0 - Missing Authorization to Authenticated Subscriber+ Arbitrary Post Meta Update and PHP Object Injection vulnerability discovered by Phat RiO - BlueRock in WordPress Plugin uListing versions = 2.2.0...

WordPress CiyaShop - Multipurpose WooCommerce Theme plugin <= 4.19.0 - Unauthenticated PHP Object Injection vulnerability

WordPress CiyaShop - Multipurpose WooCommerce Theme plugin = 4.19.0 - Unauthenticated PHP Object Injection vulnerability discovered by Lucio Sá in WordPress Theme CiyaShop versions = 4.19.0...

WordPress Database for Contact Form 7, WPforms, Elementor forms plugin <= 1.4.3 - Unauthenticated PHP Object Injection to Arbitrary File Deletion vulnerability

Unauthenticated PHP Object Injection to Arbitrary File Deletion vulnerability discovered by mikemyers in WordPress Plugin Contact Form Entries versions = 1.4.3...

WordPress AI Power: Complete AI Pack plugin <= 1.8.96 - Authenticated (Admin+) PHP Object Injection via wpaicg_export_prompts vulnerability

Authenticated Admin+ PHP Object Injection via wpaicgexportprompts vulnerability discovered by Tran Anh Duc in WordPress Plugin GPT3 AI Content Writer versions = 1.8.96...

WordPress GiveWP plugin <= 3.19.2 - Unauthenticated PHP Object Injection vulnerability

Unauthenticated PHP Object Injection vulnerability discovered by PetrusViet in WordPress Plugin GiveWP versions = 3.19.2...

WordPress Tech Life CPT plugin <= 16.4 - PHP Object Injection vulnerability

PHP Object Injection vulnerability discovered by Phat RiO - BlueRock in WordPress Plugin Tech Life CPT versions = 16.4...

WordPress Dental Care CPT plugin <= 20.2 - PHP Object Injection vulnerability

PHP Object Injection vulnerability discovered by Phat RiO - BlueRock in WordPress Plugin Dental Care CPT versions = 20.2...

Exploit for Deserialization of Untrusted Data in Givewp

CVE-2025-22777-GiveWP-Plugin-PHP-Object-Injec...

CVE-2025-68038

Deserialization of Untrusted Data vulnerability in Icegram Icegram Express Pro email-subscribers-premium allows Object Injection.This issue affects Icegram Express Pro: from n/a through 5.9.14...

EUVD-2025-205272

Deserialization of Untrusted Data vulnerability in Icegram Icegram Express Pro email-subscribers-premium allows Object Injection.This issue affects Icegram Express Pro: from n/a through = 5.9.11...

CVE-2025-68038

Deserialization of Untrusted Data vulnerability in Icegram Icegram Express Pro email-subscribers-premium allows Object Injection.This issue affects Icegram Express Pro: from n/a through 5.9.14...

CVE-2025-68038 WordPress Icegram Express Pro plugin < 5.9.14 - PHP Object Injection vulnerability

Deserialization of Untrusted Data vulnerability in Icegram Icegram Express Pro email-subscribers-premium allows Object Injection.This issue affects Icegram Express Pro: from n/a through 5.9.14...

CVE-2025-68038

CVE-2025-68038 relates to a deserialization/ PHP Object Injection vulnerability in WordPress Icegram Express Pro plugin (email-subscribers-premium). Affected: Icegram Express Pro versions up to

CVE-2025-68038 WordPress Icegram Express Pro plugin < 5.9.14 - PHP Object Injection vulnerability

Deserialization of Untrusted Data vulnerability in Icegram Icegram Express Pro email-subscribers-premium allows Object Injection.This issue affects Icegram Express Pro: from n/a through 5.9.14...

WordPress plugin Icegram Express Pro 安全漏洞

WordPress Icegram Express Pro plugin is an advanced email marketing automation tool designed for WordPress websites. WordPress Icegram Express Pro plugin suffers from a deserialization vulnerability that stems from unsafe deserialization of serialized data received by the application from users,...

PT-2025-53251

Name of the Vulnerable Software and Affected Versions Icegram Icegram Express Pro versions through 5.9.11 Description A flaw exists in Icegram Icegram Express Pro email-subscribers-premium related to the deserialization of untrusted data, potentially leading to object injection. Recommendations...

LangChain serialization injection vulnerability enables secret extraction in dumps/loads APIs

Summary A serialization injection vulnerability exists in LangChain's dumps and dumpd functions. The functions do not escape dictionaries with 'lc' keys when serializing free-form dictionaries. The 'lc' key is used internally by LangChain to mark serialized objects. When user-controlled data...