8045 matches found
Drupal core 安全漏洞
Drupal Core is a free, open-source content management system developed in PHP by the Drupal community. There are security vulnerabilities in Drupal Core, which stem from improper control of dynamic object attribute determination, potentially leading to object injection attacks. The following...
WordPress coreActivity: Activity Logging for WordPress plugin <= 3.0 - Unauthenticated PHP Object Injection vulnerability
Unauthenticated PHP Object Injection vulnerability discovered by ? in WordPress Plugin coreActivity: Activity Logging plugin for WordPress versions = 3.0...
CVE-2026-7635
The coreActivity: Activity Logging for WordPress plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 3.0. This is due to the plugin failing to validate or strip PHP serialization syntax from the User-Agent HTTP header before storing it in the logmeta...
CVE-2026-7635 coreActivity: Activity Logging for WordPress <= 3.0 - Unauthenticated PHP Object Injection via 'user_agent' Log Meta Field
The coreActivity: Activity Logging for WordPress plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 3.0. This is due to the plugin failing to validate or strip PHP serialization syntax from the User-Agent HTTP header before storing it in the logmeta...
CVE-2026-7635
The CVE-2026-7635 entry concerns the coreActivity: Activity Logging for WordPress plugin for WordPress, affected up to version 3.0. The vulnerability arises from unsanitized PHP serialization in the User-Agent header stored to the logmeta table and later deserialized via maybe_unserialize() durin...
CVE-2026-7635 coreActivity: Activity Logging for WordPress <= 3.0 - Unauthenticated PHP Object Injection via 'user_agent' Log Meta Field
The coreActivity: Activity Logging for WordPress plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 3.0. This is due to the plugin failing to validate or strip PHP serialization syntax from the User-Agent HTTP header before storing it in the logmeta...
EUVD-2026-29901
The coreActivity: Activity Logging for WordPress plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 3.0. This is due to the plugin failing to validate or strip PHP serialization syntax from the User-Agent HTTP header before storing it in the logmeta...
PT-2026-40565
Name of the Vulnerable Software and Affected Versions coreActivity: Activity Logging for WordPress versions prior to 3.1 Description The plugin is susceptible to PHP Object Injection, a condition where untrusted data is passed to a deserialization function, potentially allowing the execution of...
WordPress plugin coreActivity 代码问题漏洞
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. There we...
WordPress User Frontend: AI Powered Frontend Posting, User Directory, Profile, Membership & User Registration plugin <= 4.3.1 - Authenticated (Subscriber+) PHP Object Injection vulnerability
Authenticated Subscriber+ PHP Object Injection vulnerability discovered by d.v4ns3c in WordPress Plugin WP User Frontend versions = 4.3.1...
CVE-2026-5127 User Frontend: AI Powered Frontend Posting, User Directory, Profile, Membership & User Registration <= 4.3.1 - Authenticated (Subscriber+) PHP Object Injection
The User Frontend: AI Powered Frontend Posting, User Directory, Profile, Membership & User Registration plugin for WordPress is vulnerable to Deserialization of Untrusted Data in versions up to, and including, 4.3.1 This is due to insufficient input validation and type checking on the wpuffiles...
CVE-2026-5127 User Frontend: AI Powered Frontend Posting, User Directory, Profile, Membership & User Registration <= 4.3.1 - Authenticated (Subscriber+) PHP Object Injection
The User Frontend: AI Powered Frontend Posting, User Directory, Profile, Membership & User Registration plugin for WordPress is vulnerable to Deserialization of Untrusted Data in versions up to, and including, 4.3.1 This is due to insufficient input validation and type checking on the wpuffiles...
SUSE CVE-2014-2027
eGroupware before 1.8.006.20140217 allows remote attackers to conduct PHP object injection attacks, delete arbitrary files, and possibly execute arbitrary code via the 1 addrfields or 2 trans parameter to addressbook/csvimport.php, 3 calfields or 4 trans parameter to calendar/csvimport.php, 5...
WordPress Profile Builder Pro plugin <= 3.14.5 - Unauthenticated PHP Object Injection vulnerability
Unauthenticated PHP Object Injection vulnerability discovered by 0xbro in WordPress Plugin Profile Builder Pro versions = 3.14.5...
CVE-2026-7647
The Profile Builder Pro plugin for WordPress is vulnerable to PHP Object Injection in all versions up to and including 3.14.5. This is due to the use of PHP's maybeunserialize function on the attacker-controlled 'args' POST parameter within the wppbrequestuserspinsactioncallback AJAX handler, whi...
VulnCheck KEV: CVE-2026-3296
The Everest Forms plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 3.4.3 via deserialization of untrusted input from form entry metadata. This is due to the html-admin-page-entries-view.php file calling PHP's native unserialize on stored entry meta...
CVE-2026-7647
The Profile Builder Pro plugin for WordPress is vulnerable to PHP Object Injection in all versions up to and including 3.14.5. This is due to the use of PHP's maybeunserialize function on the attacker-controlled 'args' POST parameter within the wppbrequestuserspinsactioncallback AJAX handler, whi...
CVE-2026-7647
The Profile Builder Pro plugin for WordPress is vulnerable to PHP Object Injection in all versions up to and including 3.14.5. This is due to the use of PHP's maybeunserialize function on the attacker-controlled 'args' POST parameter within the wppbrequestuserspinsactioncallback AJAX handler, whi...
CVE-2026-7647 Profile Builder Pro <= 3.14.5 - Unauthenticated PHP Object Injection
The Profile Builder Pro plugin for WordPress is vulnerable to PHP Object Injection in all versions up to and including 3.14.5. This is due to the use of PHP's maybeunserialize function on the attacker-controlled 'args' POST parameter within the wppbrequestuserspinsactioncallback AJAX handler, whi...
EUVD-2026-26750
The Profile Builder Pro plugin for WordPress is vulnerable to PHP Object Injection in all versions up to and including 3.14.5. This is due to the use of PHP's maybeunserialize function on the attacker-controlled 'args' POST parameter within the wppbrequestuserspinsactioncallback AJAX handler, whi...