8073 matches found

Patchstack
added 2025/11/05 1:16 a.m. | 8 views

WordPress Everest Forms Pro plugin <= 1.9.7 - Unauthenticated PHP Object Injection via PHAR Deserialization in Form Signature vulnerability

Unauthenticated PHP Object Injection via PHAR Deserialization in Form Signature vulnerability discovered by Alex Thomas - Wordfence in WordPress Plugin Everest Forms Pro versions <= 1.9.7...

CVSS 5.6 | AI score 7.4 | EPSS 0.00244
Exploits: 0 | References: 1 | Affected Software: 1

CNNVD
added 2025/11/05 12:00 a.m. | 4 views

WordPress plugin Everest Forms Pro code issue vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a set of blogging platforms developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers. WordPress plugin is an application plugin. A code issue...

CVSS 5.6 | AI score 7.1 | EPSS 0.00244
Exploits: 0 | References: 3

Positive Technologies
added 2025/11/05 12:00 a.m. | 7 views

PT-2025-45066

Name of the Vulnerable Software and Affected Versions: Everest Forms Pro versions up to and including 1.9.7. Description: The Everest Forms Pro plugin for WordPress is susceptible to PHP Object Injection due to deserialization of untrusted input within the mime content type function. This allows...

CVSS 5.6 | AI score 6.8 | EPSS 0.00244
Exploits: 0 | References: 5

Patchstack
added 2025/11/02 2:34 p.m. | 5 views

WordPress WP Maps plugin <= 4.8.6 - PHP Object Injection vulnerability

PHP Object Injection vulnerability discovered by kr0no in WordPress Plugin WP Maps versions <= 4.8.6...

CVSS 6.5 | AI score 7.3 | EPSS 0.00303
Exploits: 0 | Affected Software: 1

RedhatCVE
added 2025/11/01 12:04 p.m. | 9 views

CVE-2025-64353

Deserialization of Untrusted Data vulnerability in Chouby Polylang polylang allows Object Injection. This issue affects Polylang: from n/a through <= 3.7.3...

CVSS 8.8 | AI score 7 | EPSS 0.00332
Exploits: 0 | References: 1

EUVD
added 2025/10/31 12:30 p.m. | 6 views

EUVD-2025-37339

Deserialization of Untrusted Data vulnerability in Chouby Polylang polylang allows Object Injection. This issue affects Polylang: from n/a through <= 3.7.3...

CVSS 8.8 | AI score 6.5 | EPSS 0.00332
Exploits: 0 | References: 2

NVD
added 2025/10/31 12:15 p.m. | 6 views

CVE-2025-64353

Deserialization of Untrusted Data vulnerability in Chouby Polylang polylang allows Object Injection. This issue affects Polylang: from n/a through <= 3.7.3...

CVSS 8.8 | EPSS 0.00332
Exploits: 0 | References: 1

Vulnrichment
added 2025/10/31 11:42 a.m. | 5 views

CVE-2025-64353 WordPress Polylang plugin <= 3.7.3 - Deserialization of untrusted data vulnerability

Deserialization of Untrusted Data vulnerability in Chouby Polylang polylang allows Object Injection. This issue affects Polylang: from n/a through <= 3.7.3...

CVSS 8.8 | AI score 6.6 | EPSS 0.00332
Exploits: 0 | References: 1

Cvelist
added 2025/10/31 11:42 a.m. | 5 views

CVE-2025-64353 WordPress Polylang plugin <= 3.7.3 - Deserialization of untrusted data vulnerability

Deserialization of Untrusted Data vulnerability in Chouby Polylang polylang allows Object Injection. This issue affects Polylang: from n/a through <= 3.7.3...

CVSS 8.8 | EPSS 0.00332
Exploits: 0 | References: 1

CVE
added 2025/10/31 11:42 a.m. | 24 views

CVE-2025-64353

CVE-2025-64353 affects the WordPress Polylang plugin up to version 3.7.3. A deserialization of untrusted data vulnerability leads to object injection, with potential for code execution as described across multiple sources (Polylang

CVSS 8.8 | AI score 6.6 | EPSS 0.00332
Exploits: 0 | References: 1

Positive Technologies
added 2025/10/31 12:00 a.m. | 5 views

PT-2025-44605

Name of the Vulnerable Software and Affected Versions: Chouby Polylang versions through 3.7.3. Description: The Polylang software contains a flaw related to the deserialization of untrusted data, which can lead to object injection. This issue allows for potential malicious code execution through the...

CVSS 8.8 | AI score 7.4 | EPSS 0.00332
Exploits: 0 | References: 4

RedhatCVE
added 2025/10/30 12:12 a.m. | 15 views

CVE-2025-4665

WordPress plugin Contact Form CFDB7 versions up to and including 1.3.2 are affected by a pre-authentication SQL injection vulnerability that cascades into insecure deserialization PHP Object Injection. The weakness arises due to insufficient validation of user input in plugin endpoints, allowing...

CVSS 9.6 | AI score 8 | EPSS 0.00316
Exploits: 0 | References: 1

Patchstack
added 2025/10/29 5:10 a.m. | 5 views

WordPress Jannah theme <= 7.6.0 - PHP Object Injection vulnerability

PHP Object Injection vulnerability discovered by João Pedro S Alcântara Kinorth in WordPress Theme Jannah versions <= 7.6.0...

CVSS 9.8 | AI score 7.3 | EPSS 0.00386
Exploits: 0 | Affected Software: 1

EUVD
added 2025/10/29 12:30 a.m. | 9 views

EUVD-2025-36574

WordPress plugin Contact Form CFDB7 versions up to and including 1.3.2 are affected by a pre-authentication SQL injection vulnerability that cascades into insecure deserialization PHP Object Injection. The weakness arises due to insufficient validation of user input in plugin endpoints, allowing...

CVSS 9.6 | AI score 7.5 | EPSS 0.00316
Exploits: 0 | References: 3

NVD
added 2025/10/29 12:15 a.m. | 12 views

CVE-2025-4665

WordPress plugin Contact Form CFDB7 versions up to and including 1.3.2 are affected by a pre-authentication SQL injection vulnerability that cascades into insecure deserialization PHP Object Injection. The weakness arises due to insufficient validation of user input in plugin endpoints, allowing...

CVSS 9.6 | EPSS 0.00316
Exploits: 0 | References: 2

Vulnrichment
added 2025/10/28 11:54 p.m. | 2 views

CVE-2025-4665

WordPress plugin Contact Form CFDB7 versions up to and including 1.3.2 are affected by a pre-authentication SQL injection vulnerability that cascades into insecure deserialization PHP Object Injection. The weakness arises due to insufficient validation of user input in plugin endpoints, allowing...

CVSS 9.6 | AI score 7.6 | EPSS 0.00316
Exploits: 0 | References: 2

CVE
added 2025/10/28 11:54 p.m. | 22 views

CVE-2025-4665

Summary: WordPress plugin Contact Form CFDB7, affected versions up to 1.3.2, suffers a pre-authentication SQL injection that cascades into insecure deserialization (PHP Object Injection). Root cause: insufficient input validation in plugin endpoints allows crafted payloads to influence backend qu...

CVSS 9.6 | AI score 7.6 | EPSS 0.00316
Exploits: 0 | References: 2

RedhatCVE
added 2025/10/28 3:04 p.m. | 6 views

CVE-2025-34292

Rox, the software running BeWelcome, contains a PHP object injection vulnerability resulting from deserialization of untrusted data. User-controlled input is passed to PHP's unserialize: the POST parameter formkitmemoryrecovery in \RoxPostHandler::getCallbackAction and the 'memory cookie' read b...

CVSS 9.4 | AI score 8.5 | EPSS 0.0053
Exploits: 0 | References: 1

Positive Technologies
added 2025/10/28 12:00 a.m. | 5 views

PT-2025-44222

Name of the Vulnerable Software and Affected Versions: Contact Form CFDB7 versions up to and including 1.3.2. Description: The Contact Form CFDB7 plugin for WordPress is affected by a pre-authentication SQL injection that can lead to insecure deserialization PHP Object Injection. Insufficient...

CVSS 9.6 | AI score 7.3 | EPSS 0.00316
Exploits: 0 | References: 10

OSV
added 2025/10/27 3:15 p.m. | 6 views

CVE-2025-34292

Rox, the software running BeWelcome, contains a PHP object injection vulnerability resulting from deserialization of untrusted data. User-controlled input is passed to PHP's unserialize: the POST parameter formkitmemoryrecovery in \RoxPostHandler::getCallbackAction and the 'memory cookie' read by...

CVSS 9.4 | AI score 8.3
Exploits: 0 | References: 4