WordPress Everest Forms Pro plugin <= 1.9.7 - Unauthenticated PHP Object Injection via PHAR Deserialization in Form Signature vulnerability
Unauthenticated PHP Object Injection via PHAR Deserialization in Form Signature vulnerability discovered by Alex Thomas - Wordfence in WordPress Plugin Everest Forms Pro versions <= 1.9.7...
WordPress plugin Everest Forms Pro code issue vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a set of blogging platforms developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers. WordPress plugin is an application plugin. A code issue...
PT-2025-45066
Name of the Vulnerable Software and Affected Versions: Everest Forms Pro versions up to and including 1.9.7. Description: The Everest Forms Pro plugin for WordPress is susceptible to PHP Object Injection due to deserialization of untrusted input within the mime content type function. This allows...
WordPress WP Maps plugin <= 4.8.6 - PHP Object Injection vulnerability
PHP Object Injection vulnerability discovered by kr0no in WordPress Plugin WP Maps versions <= 4.8.6...
CVE-2025-64353
Deserialization of Untrusted Data vulnerability in Chouby Polylang polylang allows Object Injection. This issue affects Polylang: from n/a through <= 3.7.3...
EUVD-2025-37339
Deserialization of Untrusted Data vulnerability in Chouby Polylang polylang allows Object Injection. This issue affects Polylang: from n/a through <= 3.7.3...
CVE-2025-64353 WordPress Polylang plugin <= 3.7.3 - Deserialization of untrusted data vulnerability
Deserialization of Untrusted Data vulnerability in Chouby Polylang polylang allows Object Injection. This issue affects Polylang: from n/a through <= 3.7.3...
CVE-2025-64353
CVE-2025-64353 affects the WordPress Polylang plugin up to version 3.7.3. A deserialization of untrusted data vulnerability leads to object injection, with potential for code execution as described across multiple sources (Polylang
PT-2025-44605
Name of the Vulnerable Software and Affected Versions: Chouby Polylang versions through 3.7.3. Description: The Polylang software contains a flaw related to the deserialization of untrusted data, which can lead to object injection. This issue allows for potential malicious code execution through the...
CVE-2025-4665
WordPress plugin Contact Form CFDB7 versions up to and including 1.3.2 are affected by a pre-authentication SQL injection vulnerability that cascades into insecure deserialization PHP Object Injection. The weakness arises due to insufficient validation of user input in plugin endpoints, allowing...
WordPress Jannah theme <= 7.6.0 - PHP Object Injection vulnerability
PHP Object Injection vulnerability discovered by João Pedro S Alcântara Kinorth in WordPress Theme Jannah versions <= 7.6.0...
EUVD-2025-36574
WordPress plugin Contact Form CFDB7 versions up to and including 1.3.2 are affected by a pre-authentication SQL injection vulnerability that cascades into insecure deserialization PHP Object Injection. The weakness arises due to insufficient validation of user input in plugin endpoints, allowing...
CVE-2025-4665
Summary: WordPress plugin Contact Form CFDB7, affected versions up to 1.3.2, suffers a pre-authentication SQL injection that cascades into insecure deserialization (PHP Object Injection). Root cause: insufficient input validation in plugin endpoints allows crafted payloads to influence backend qu...
CVE-2025-34292
Rox, the software running BeWelcome, contains a PHP object injection vulnerability resulting from deserialization of untrusted data. User-controlled input is passed to PHP's unserialize: the POST parameter formkitmemoryrecovery in \RoxPostHandler::getCallbackAction and the 'memory cookie' read b...
PT-2025-44222
Name of the Vulnerable Software and Affected Versions: Contact Form CFDB7 versions up to and including 1.3.2. Description: The Contact Form CFDB7 plugin for WordPress is affected by a pre-authentication SQL injection that can lead to insecure deserialization PHP Object Injection. Insufficient...
CVE-2025-34292
Rox, the software running BeWelcome, contains a PHP object injection vulnerability resulting from deserialization of untrusted data. User-controlled input is passed to PHP's unserialize: the POST parameter formkitmemoryrecovery in \RoxPostHandler::getCallbackAction and the 'memory cookie' read by...