EUVD-2026-36884

Unauthenticated PHP Object Injection in Integration for Salesforce and Contact Form 7, WPForms, Elementor, Formidable, Ninja Forms = 1.4.3 versions...

CVE-2026-49109

CVE-2026-49109 concerns the WordPress plugin set “Integration for Salesforce and Contact Form 7, WPForms, Elementor, Formidable, Ninja Forms” (versions

EUVD-2026-36883

Unauthenticated PHP Object Injection in Integration for Contact Form 7 and Constant Contact = 1.1.6 versions...

CVE-2026-49106 WordPress Integration for Contact Form 7 and Constant Contact plugin <= 1.1.6 - PHP Object Injection vulnerability

Unauthenticated PHP Object Injection in Integration for Contact Form 7 and Constant Contact = 1.1.6 versions...

CVE-2026-49106

The CVE-2026-49106 entry concerns the WordPress plugin “Integration for Contact Form 7 and Constant Contact” (versions ≤ 1.1.6). The vulnerability is an unauthenticated PHP Object Injection in that integration, enabling an attacker to potentially manipulate PHP objects without authentication. The...

CVE-2026-49105 WordPress WP Zendesk for Contact Form 7, WPForms, Elementor, Formidable and Ninja Forms plugin <= 1.1.4 - PHP Object Injection vulnerability

Unauthenticated PHP Object Injection in WP Zendesk for Contact Form 7, WPForms, Elementor, Formidable and Ninja Forms = 1.1.4 versions...

CVE-2026-49105 WordPress WP Zendesk for Contact Form 7, WPForms, Elementor, Formidable and Ninja Forms plugin <= 1.1.4 - PHP Object Injection vulnerability

Unauthenticated PHP Object Injection in WP Zendesk for Contact Form 7, WPForms, Elementor, Formidable and Ninja Forms = 1.1.4 versions...

CVE-2026-49105

CVE-2026-49105 concerns the WordPress plugin WP Zendesk for Contact Form 7, WPForms, Elementor, Formidable and Ninja Forms, with affected versions

EUVD-2026-36881

Unauthenticated PHP Object Injection in Integration for Keap/infusionsoft and Contact Form 7, WPForms, Elementor, Formidable, Ninja Forms = 1.2.1 versions...

CVE-2026-49104 WordPress Integration for Keap/infusionsoft and Contact Form 7, WPForms, Elementor, Formidable, Ninja Forms plugin <= 1.2.1 - PHP Object Injection vulnerability

Unauthenticated PHP Object Injection in Integration for Keap/infusionsoft and Contact Form 7, WPForms, Elementor, Formidable, Ninja Forms = 1.2.1 versions...

CVE-2026-49104

CVE-2026-49104 affects the WordPress plugin “Integration for Keap/infusionsoft and Contact Form 7, WPForms, Elementor, Formidable, Ninja Forms” (versions

CVE-2026-49085 WordPress WP Insightly for Contact Form 7, WPForms, Elementor, Formidable and Ninja Forms plugin <= 1.1.4 - PHP Object Injection vulnerability

Unauthenticated PHP Object Injection in WP Insightly for Contact Form 7, WPForms, Elementor, Formidable and Ninja Forms = 1.1.4 versions...

EUVD-2026-36880

Unauthenticated PHP Object Injection in WP Insightly for Contact Form 7, WPForms, Elementor, Formidable and Ninja Forms = 1.1.4 versions...

CVE-2026-49085

CVE-2026-49085 affects the WP Insightly plugin for WordPress when used with Contact Form 7, WPForms, Elementor, Formidable, and Ninja Forms (versions

CVE-2026-49085 WordPress WP Insightly for Contact Form 7, WPForms, Elementor, Formidable and Ninja Forms plugin <= 1.1.4 - PHP Object Injection vulnerability

Unauthenticated PHP Object Injection in WP Insightly for Contact Form 7, WPForms, Elementor, Formidable and Ninja Forms = 1.1.4 versions...

EUVD-2026-36835

Unauthenticated PHP Object Injection in EventPrime = 4.3.2.1 versions...

CVE-2026-42687 WordPress EventPrime plugin <= 4.3.2.1 - PHP Object Injection vulnerability

Unauthenticated PHP Object Injection in EventPrime = 4.3.2.1 versions...

CVE-2026-42687

The CVE-2026-42687 entry concerns the WordPress EventPrime plugin (versions ≤ 4.3.2.1). It describes an unauthenticated PHP Object Injection vulnerability in EventPrime, with a CVSS v3.1 base score of 8.1 (HIGH) and a network attack vector, no user interaction, and high impact on confidentiality,...

CVE-2026-42687 WordPress EventPrime plugin <= 4.3.2.1 - PHP Object Injection vulnerability

Unauthenticated PHP Object Injection in EventPrime = 4.3.2.1 versions...

CVE-2026-39532 WordPress Events Calendar for GeoDirectory plugin <= 2.3.25 - PHP Object Injection vulnerability

Contributor PHP Object Injection in Events Calendar for GeoDirectory = 2.3.25 versions...