CVE-2026-39532

The CVE-2026-39532 affects WordPress plugin “Events Calendar for GeoDirectory” up to version 2.3.25, with a PHP Object Injection vulnerability in Contributor PHP Object Injection in Events Calendar for GeoDirectory <= 2.3.25. The associated CVSS v3.1 score is 8.8 (HIGH), vector: CVSS:3.1/AV:N/...

CVE-2026-39498 WordPress YayMail plugin <= 4.3.3 - PHP Object Injection vulnerability

Shop manager PHP Object Injection in YayMail = 4.3.3 versions...

CVE-2026-39499

The connected PatchStack entry documents a PHP Object Injection vulnerability in the WordPress plugin “Advanced Product Fields (Product Addons) for WooCommerce” (versions

CVE-2026-39498

The Connected document identifies CVE-2026-39498-related details: a PHP Object Injection vulnerability in the WordPress YayMail plugin , affecting versions ≤ 4.3.3 and discovered by daroo . No additional root-cause, impact, exploit, or remediation details are provided in the sources. Monitor for ...

CVE-2026-39499 WordPress Advanced Product Fields (Product Addons) for WooCommerce plugin <= 1.6.19 - PHP Object Injection vulnerability

Shop manager PHP Object Injection in Advanced Product Fields Product Addons for WooCommerce = 1.6.19 versions...

CVE-2026-39481

CVE-2026-39481 affects the WordPress plugin Modula Image Gallery (versions up to 2.14.18). The issue is described as a PHP Object Injection vulnerability in the plugin, with the author component cited in the initial description. Providing concrete exploit details, affected files, or remediation s...

CVE-2026-39481 WordPress Modula Image Gallery plugin <= 2.14.18 - PHP Object Injection vulnerability

Author PHP Object Injection in Modula Image Gallery = 2.14.18 versions...

CVE-2026-39474 WordPress Post Duplicator plugin <= 3.0.10 - PHP Object Injection vulnerability

Contributor PHP Object Injection in Post Duplicator = 3.0.10 versions...

CVE-2026-39478 WordPress Anti-Malware Security and Brute-Force Firewall plugin <= 4.23.87 - PHP Object Injection vulnerability

Contributor PHP Object Injection in Anti-Malware Security and Brute-Force Firewall = 4.23.87 versions...

CVE-2026-39474

The CVE CVE-2026-39474 concerns the WordPress Post Duplicator plugin (versions

CVE-2026-39478

CVE-2026-39478 concerns the WordPress plugin “Anti-Malware Security and Brute-Force Firewall” (versions

CVE-2026-39472 WordPress WooCommerce PDF Invoices & Packing Slips plugin < 5.9.0 - PHP Object Injection vulnerability

Shop manager PHP Object Injection in WooCommerce PDF Invoices & Packing Slips 5.9.0 versions...

CVE-2026-39472

The CVE-2026-39472 affects the WordPress WooCommerce PDF Invoices & Packing Slips plugin prior to version 5.9.0, where a PHP Object Injection vulnerability was reported affecting shop manager operations. The root cause is a PHP Object Injection flaw in this plugin version, with CVSS 3.1 base metr...

CVE-2026-39471

CVE-2026-39471 affects the WordPress ShortPixel Image Optimizer plugin (

CVE-2026-39471 WordPress ShortPixel Image Optimizer plugin <= 6.4.3 - PHP Object Injection vulnerability

Author PHP Object Injection in ShortPixel Image Optimizer = 6.4.3 versions...

CVE-2026-39471 WordPress ShortPixel Image Optimizer plugin <= 6.4.3 - PHP Object Injection vulnerability

Author PHP Object Injection in ShortPixel Image Optimizer = 6.4.3 versions...

CVE-2026-39434 WordPress CTX Feed plugin <= 6.6.26 - PHP Object Injection vulnerability

Shop manager PHP Object Injection in CTX Feed = 6.6.26 versions...

CVE-2026-39434

CVE-2026-39434 affects WordPress CTX Feed plugin (WebAppick CTX Feed) versions

CVE-2026-27053

The CVE concerns WordPress plugin Broadcast Live Video (versions

CVE-2026-9691 WordPress Integration for ActiveCampaign and Contact Form 7, WPForms, Elementor, Ninja Forms plugin <= 1.1.1 - PHP Object Injection vulnerability

Unauthenticated PHP Object Injection in Integration for ActiveCampaign and Contact Form 7, WPForms, Elementor, Ninja Forms = 1.1.1 versions...