8072 matches found
CVE-2025-66055
Deserialization of Untrusted Data vulnerability in Icegram Email Subscribers & Newsletters email-subscribers allows Object Injection.This issue affects Email Subscribers & Newsletters: from n/a through = 5.9.10...
CVE-2025-66073 WordPress WP Webhooks plugin <= 3.3.8 - PHP Object Injection vulnerability
Deserialization of Untrusted Data vulnerability in Cozmoslabs WP Webhooks wp-webhooks allows Object Injection.This issue affects WP Webhooks: from n/a through = 3.3.8...
CVE-2025-66073
CVE-2025-66073 describes a Deserialization of Untrusted Data vulnerability in the WordPress plugin WP Webhooks (wp-webhooks) by Cozmoslabs, affecting versions up to and including 3.3.8. The issue enables PHP object injection via deserialized data, enabling an attacker with Administrator+ privileg...
CVE-2025-66073 WordPress WP Webhooks plugin <= 3.3.8 - PHP Object Injection vulnerability
Deserialization of Untrusted Data vulnerability in Cozmoslabs WP Webhooks wp-webhooks allows Object Injection.This issue affects WP Webhooks: from n/a through = 3.3.8...
CVE-2025-66055
CVE-2025-66055 describes a deserialization of untrusted data vulnerability in Icegram Email Subscribers & Newsletters (plugin: email-subscribers) that allows PHP object injection. Public references across multiple sources (NVD/ Red Hat/EUVD/CVE lists, Wordfence) state the affected range as WordPr...
CVE-2025-66055 WordPress Email Subscribers & Newsletters plugin <= 5.9.10 - PHP Object Injection vulnerability
Deserialization of Untrusted Data vulnerability in Icegram Email Subscribers & Newsletters email-subscribers allows Object Injection.This issue affects Email Subscribers & Newsletters: from n/a through = 5.9.10...
CVE-2025-66055 WordPress Email Subscribers & Newsletters plugin <= 5.9.10 - PHP Object Injection vulnerability
Deserialization of Untrusted Data vulnerability in Icegram Email Subscribers & Newsletters email-subscribers allows Object Injection.This issue affects Email Subscribers & Newsletters: from n/a through = 5.9.10...
WordPress plugin WP Webhooks 安全漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform has the ability to set up personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A security...
PT-2025-47746
Deserialization of Untrusted Data vulnerability in Cozmoslabs WP Webhooks wp-webhooks allows Object Injection.This issue affects WP Webhooks: from n/a through = 3.3.8...
PT-2025-47731
Name of the Vulnerable Software and Affected Versions Icegram Email Subscribers & Newsletters versions through 5.9.10 Description A flaw exists in Icegram Email Subscribers & Newsletters related to the deserialization of untrusted data, which can lead to object injection. This issue impacts the...
CVE-2025-13145
The WP Import – Ultimate CSV XML Importer for WordPress plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 7.33.1. This is due to deserialization of untrusted data supplied via CSV file imports in the importsinglepostascsv function within...
CVE-2025-13081
Improperly Controlled Modification of Dynamically-Determined Object Attributes vulnerability in Drupal Drupal core allows Object Injection.This issue affects Drupal core: from 8.0.0 before 10.4.9, from 10.5.0 before 10.5.6, from 11.0.0 before 11.1.9, from 11.2.0 before 11.2.8. Mitigation Mitigati...
EUVD-2025-198102
The WP Import – Ultimate CSV XML Importer for WordPress plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 7.33.1. This is due to deserialization of untrusted data supplied via CSV file imports in the importsinglepostascsv function within...
CVE-2025-13145
The WP Import – Ultimate CSV XML Importer for WordPress plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 7.33.1. This is due to deserialization of untrusted data supplied via CSV file imports in the importsinglepostascsv function within...
CVE-2025-13145 WP Import – Ultimate CSV XML Importer for WordPress <= 7.33.1 - Authenticated (Administrator+) PHP Object Injection via CSV Import
The WP Import – Ultimate CSV XML Importer for WordPress plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 7.33.1. This is due to deserialization of untrusted data supplied via CSV file imports in the importsinglepostascsv function within...
CVE-2025-13145 WP Import – Ultimate CSV XML Importer for WordPress <= 7.33.1 - Authenticated (Administrator+) PHP Object Injection via CSV Import
The WP Import – Ultimate CSV XML Importer for WordPress plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 7.33.1. This is due to deserialization of untrusted data supplied via CSV file imports in the importsinglepostascsv function within...
CVE-2025-13145
CVE-2025-13145 describes a PHP Object Injection vulnerability in the WordPress plugin WP Import – Ultimate CSV XML Importer for WordPress (versions up to and including 7.33.1). The issue arises from deserializing untrusted data during CSV imports in SingleImportExport.php (import_single_post_as_c...
WordPress plugin WP Import – Ultimate CSV XML Importer 代码问题漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. WordPress plugin WP...
PT-2025-47438
Name of the Vulnerable Software and Affected Versions WP Import – Ultimate CSV XML Importer for WordPress versions prior to 7.33.1 Description The WP Import – Ultimate CSV XML Importer for WordPress plugin is susceptible to PHP Object Injection due to the deserialization of untrusted data from CS...
WordPress WP Import – Ultimate CSV XML Importer for WordPress plugin <= 7.33.1 - Authenticated (Administrator+) PHP Object Injection via CSV Import vulnerability
Authenticated Administrator+ PHP Object Injection via CSV Import vulnerability discovered by WordFence in WordPress Plugin WP Ultimate CSV Importer versions = 7.33.1...