8074 matches found
CVE-2025-60213 WordPress Scape theme <= 1.5.13 - PHP Object Injection vulnerability
Deserialization of Untrusted Data vulnerability in Whitebox-Studio Scape scape allows Object Injection.This issue affects Scape: from n/a through = 1.5.13...
CVE-2025-60210 WordPress Everest Forms - Frontend Listing plugin <= 1.0.5 - PHP Object Injection Vulnerability
Deserialization of Untrusted Data vulnerability in wpeverest Everest Forms - Frontend Listing everest-forms-frontend-listing allows Object Injection.This issue affects Everest Forms - Frontend Listing: from n/a through = 1.0.5...
CVE-2025-60212 WordPress VEDA Theme <= 4.2 - PHP Object Injection Vulnerability
Deserialization of Untrusted Data vulnerability in designthemes VEDA veda allows Object Injection.This issue affects VEDA: from n/a through = 4.2...
CVE-2025-60210
CVE-2025-60210 affects WordPress plugin Everest Forms - Frontend Listing (versions up to and including 1.0.5). The issue is a Deserialization of Untrusted Data leading to PHP Object Injection in everest-forms-frontend-listing. Descriptions across NVD/Red Hat/EUVD/CVE List indicate high-severity i...
CVE-2025-60212 WordPress VEDA Theme <= 4.2 - PHP Object Injection Vulnerability
Deserialization of Untrusted Data vulnerability in designthemes VEDA veda allows Object Injection.This issue affects VEDA: from n/a through = 4.2...
CVE-2025-60213
The vulnerability CVE-2025-60213 concerns a Deserialization of Untrusted Data issue in the WordPress Scape theme (versions up to and including 1.5.13). The root cause is PHP object injection via deserializing untrusted data, affecting the Scape component. The issue is rated CRITICAL (CVSS 3.1: 9....
CVE-2025-60208 WordPress Advanced Custom Fields : CPT Options Pages plugin <= 2.0.9 - Cross Site Request Forgery (CSRF) vulnerability
Cross-Site Request Forgery CSRF vulnerability in Tusko Trush Advanced Custom Fields : CPT Options Pages acf-cpt-options-pages allows Object Injection.This issue affects Advanced Custom Fields : CPT Options Pages: from n/a through = 2.0.9...
CVE-2025-60209 WordPress Connector for Gravity Forms and Google Sheets plugin <= 1.2.6 - PHP Object Injection vulnerability
Deserialization of Untrusted Data vulnerability in CRM Perks Connector for Gravity Forms and Google Sheets wp-gravity-forms-spreadsheets allows Object Injection.This issue affects Connector for Gravity Forms and Google Sheets: from n/a through = 1.2.6...
CVE-2025-60209 WordPress Connector for Gravity Forms and Google Sheets plugin <= 1.2.6 - PHP Object Injection vulnerability
Deserialization of Untrusted Data vulnerability in CRM Perks Connector for Gravity Forms and Google Sheets wp-gravity-forms-spreadsheets allows Object Injection.This issue affects Connector for Gravity Forms and Google Sheets: from n/a through = 1.2.6...
CVE-2025-60208 WordPress Advanced Custom Fields : CPT Options Pages plugin <= 2.0.9 - Cross Site Request Forgery (CSRF) vulnerability
Cross-Site Request Forgery CSRF vulnerability in Tusko Trush Advanced Custom Fields : CPT Options Pages acf-cpt-options-pages allows Object Injection.This issue affects Advanced Custom Fields : CPT Options Pages: from n/a through = 2.0.9...
CVE-2025-60208
CVE-2025-60208 concerns the WordPress plugin Advanced Custom Fields: CPT Options Pages (acp-cpt-options-pages) up to version 2.0.9. Multiple connected sources confirm a Cross-Site Request Forgery (CSRF) vulnerability that enables Object Injection. The issue affects versions listed as n/a through
CVE-2025-60209
The CVE-2025-60209 issue is a Deserialization of Untrusted Data vulnerability in the WordPress plugin “Connector for Gravity Forms and Google Sheets” (wp-gravity-forms-spreadsheets), affecting versions up to 1.2.6. All connected sources describe it as PHP Object Injection resulting from untrusted...
CVE-2025-60039
CVE-2025-60039 affects the WordPress theme Noisa (
CVE-2025-60039 WordPress Noisa theme <= 2.6.0 - PHP Object Injection vulnerability
Deserialization of Untrusted Data vulnerability in rascals Noisa noisa allows Object Injection.This issue affects Noisa: from n/a through = 2.6.0...
CVE-2025-59007
CVE-2025-59007 describes a Deserialization of Untrusted Data vulnerability in the WordPress plugin TF Woo Product Grid Addon For Elementor (tf-woo-product-grid) up to version 1.0.1. The issue enables Object Injection due to unsafe deserialization of data, with the public records indicating a high...
CVE-2025-59007 WordPress TF Woo Product Grid Addon For Elementor Plugin <= 1.0.1 - Deserialization of untrusted data Vulnerability
Deserialization of Untrusted Data vulnerability in themesflat TF Woo Product Grid Addon For Elementor tf-woo-product-grid allows Object Injection.This issue affects TF Woo Product Grid Addon For Elementor: from n/a through = 1.0.1...
CVE-2025-59007 WordPress TF Woo Product Grid Addon For Elementor Plugin <= 1.0.1 - Deserialization of untrusted data Vulnerability
Deserialization of Untrusted Data vulnerability in themesflat TF Woo Product Grid Addon For Elementor tf-woo-product-grid allows Object Injection.This issue affects TF Woo Product Grid Addon For Elementor: from n/a through = 1.0.1...
CVE-2025-52740 WordPress Boldermail Plugin <= 2.4.0 - PHP Object Injection Vulnerability
Deserialization of Untrusted Data vulnerability in Hernan Villanueva Boldermail boldermail allows Object Injection.This issue affects Boldermail: from n/a through = 2.4.0...
CVE-2025-52740 WordPress Boldermail Plugin <= 2.4.0 - PHP Object Injection Vulnerability
Deserialization of Untrusted Data vulnerability in Hernan Villanueva Boldermail boldermail allows Object Injection.This issue affects Boldermail: from n/a through = 2.4.0...
CVE-2025-52740
The CVE-2025-52740 entry concerns WordPress Boldermail Plugin (2.4.0). Public references from Patchstack and PT-Security corroborate the object-injection vector and version range. Other sources summarize the same issue and describe the plugin’s function as an email marketing/automation tool, unde...