CVE-2025-26866 Apache HugeGraph-Server: RAFT and deserialization vulnerability

A remote code execution vulnerability exists where a malicious Raft node can exploit insecure Hessian deserialization within the PD store. The fix enforces IP-based authentication to restrict cluster membership and implements a strict class whitelist to harden the Hessian serialization process...

EUVD-2025-202994

The Visitor Logic Lite plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.0.3 via deserialization of untrusted input from the lpblocks cookie. This is due to the lptrack function passing unsanitized cookie data directly to the unserialize function...

WordPress Visitor Logic Lite plugin <= 1.0.3 - Unauthenticated PHP Object Injection via 'lpblocks' Cookie vulnerability

Unauthenticated PHP Object Injection via 'lpblocks' Cookie vulnerability discovered by Ivan Cese in WordPress Plugin Visitor Logic Lite versions = 1.0.3...

CVE-2025-14044

The Visitor Logic Lite plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.0.3 via deserialization of untrusted input from the lpblocks cookie. This is due to the lptrack function passing unsanitized cookie data directly to the unserialize function...

CVE-2025-14044

CVE-2025-14044 affects the WordPress plugin Visitor Logic Lite (up to 1.0.3). The issue is a PHP Object Injection via deserialization of unsanitized input from the lpblocks cookie, caused by lp_track() passing cookie data to unserialize(). The vulnerability is unauthenticated and could allow obje...

CVE-2025-14044 Visitor Logic Lite <= 1.0.3 - Unauthenticated PHP Object Injection via 'lpblocks' Cookie

The Visitor Logic Lite plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.0.3 via deserialization of untrusted input from the lpblocks cookie. This is due to the lptrack function passing unsanitized cookie data directly to the unserialize function...

CVE-2025-14044 Visitor Logic Lite <= 1.0.3 - Unauthenticated PHP Object Injection via 'lpblocks' Cookie

The Visitor Logic Lite plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.0.3 via deserialization of untrusted input from the lpblocks cookie. This is due to the lptrack function passing unsanitized cookie data directly to the unserialize function...

WordPress plugin Visitor Logic Lite 代码问题漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A code issue...

PT-2025-50846

The Visitor Logic Lite plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.0.3 via deserialization of untrusted input from the lpblocks cookie. This is due to the lp track function passing unsanitized cookie data directly to the unserialize function...

CVE-2025-67535

Deserialization of Untrusted Data vulnerability in Flipper Code - WordPress Development Company WP Maps wp-google-map-plugin allows Object Injection.This issue affects WP Maps: from n/a through = 4.8.6...

CVE-2025-67535

Deserialization of Untrusted Data vulnerability in Flipper Code - WordPress Development Company WP Maps wp-google-map-plugin allows Object Injection.This issue affects WP Maps: from n/a through = 4.8.6...

CVE-2025-67535 WordPress WP Maps plugin <= 4.8.6 - PHP Object Injection vulnerability

Deserialization of Untrusted Data vulnerability in Flipper Code - WordPress Development Company WP Maps wp-google-map-plugin allows Object Injection.This issue affects WP Maps: from n/a through = 4.8.6...

CVE-2025-67535

CVE-2025-67535 affects the WordPress WP Maps plugin (wp-google-map-plugin)

CVE-2025-67535 WordPress WP Maps plugin <= 4.8.6 - PHP Object Injection vulnerability

Deserialization of Untrusted Data vulnerability in Flipper Code - WordPress Development Company WP Maps wp-google-map-plugin allows Object Injection.This issue affects WP Maps: from n/a through = 4.8.6...

PT-2025-49911

CVE-2025-67535 Deserialization of Untrusted Data vulnerability in WePlugins - WordPress Development Company WP Maps wp-google-map-plugin allows Object Injection.This issue affects W… https://t.co/oSmbMyC08D...

WordPress plugin WP Maps 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform has the ability to set up personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A security...

CVE-2025-66571

UNA CMS versions 9.0.0-RC1 - 14.0.0-RC4 contain a PHP object injection vulnerability in BxBaseMenuSetAclLevel.php where the profileid POST parameter is passed to PHP unserialize without proper handling, allowing remote, unauthenticated attackers to inject arbitrary PHP objects and potentially wri...

EUVD-2025-201274

UNA CMS versions 9.0.0-RC1 - 14.0.0-RC4 contain a PHP object injection vulnerability in BxBaseMenuSetAclLevel.php where the profileid POST parameter is passed to PHP unserialize without proper handling, allowing remote, unauthenticated attackers to inject arbitrary PHP objects and potentially wri...

CVE-2025-66571

UNA CMS versions 9.0.0-RC1 - 14.0.0-RC4 contain a PHP object injection vulnerability in BxBaseMenuSetAclLevel.php where the profileid POST parameter is passed to PHP unserialize without proper handling, allowing remote, unauthenticated attackers to inject arbitrary PHP objects and potentially wri...

CVE-2025-66571

UNA CMS versions 9.0.0-RC1 - 14.0.0-RC4 contain a PHP object injection vulnerability in BxBaseMenuSetAclLevel.php where the profileid POST parameter is passed to PHP unserialize without proper handling, allowing remote, unauthenticated attackers to inject arbitrary PHP objects and potentially wri...