CVE-2026-24974

CVE-2026-24974 concerns the CitiLights WordPress Theme (noo-citilights) vulnerability: Deserialization of untrusted data enabling PHP object injection. Affected software: CitiLights Real Estate WordPress Theme (noo-citilights) versions up to and including 3.7.1. The issue is authenticated (Subscr...

CVE-2026-24378 WordPress EventPrime plugin <= 4.2.8.0 - PHP Object Injection vulnerability

Deserialization of Untrusted Data vulnerability in Metagauss EventPrime eventprime-event-calendar-management allows Object Injection.This issue affects EventPrime: from n/a through = 4.2.8.0...

CVE-2026-24378 WordPress EventPrime plugin <= 4.2.8.0 - PHP Object Injection vulnerability

Deserialization of Untrusted Data vulnerability in Metagauss EventPrime eventprime-event-calendar-management allows Object Injection.This issue affects EventPrime: from n/a through = 4.2.8.0...

CVE-2026-24378

CVE-2026-24378 describes a Deserialization of Untrusted Data flaw in EventPrime (Events Calendar, Bookings and Tickets) that enables unauthenticated PHP object injection. Affected: EventPrime

CVE-2026-23971 WordPress WoodMart theme <= 8.3.8 - PHP Object Injection vulnerability

Deserialization of Untrusted Data vulnerability in xtemos WoodMart woodmart allows Object Injection.This issue affects WoodMart: from n/a through = 8.3.8...

CVE-2026-23971 WordPress WoodMart theme <= 8.3.8 - PHP Object Injection vulnerability

Deserialization of Untrusted Data vulnerability in xtemos WoodMart woodmart allows Object Injection.This issue affects WoodMart: from n/a through = 8.3.8...

CVE-2026-23971

CVE-2026-23971 concerns a Deserialization of Untrusted Data vulnerability in the WordPress WoodMart theme (WoodMart) affecting versions from unknown up to and including 8.3.8. The underlying issue is PHP Object Injection via untrusted data deserialization, with a high impact profile (CVSS 3.1: 8....

CVE-2026-22510 WordPress Melody theme <= 1.6.3 - PHP Object Injection vulnerability

Deserialization of Untrusted Data vulnerability in AncoraThemes Melody melodyschool allows Object Injection.This issue affects Melody: from n/a through = 1.6.3...

CVE-2026-22510 WordPress Melody theme <= 1.6.3 - PHP Object Injection vulnerability

Deserialization of Untrusted Data vulnerability in AncoraThemes Melody melodyschool allows Object Injection.This issue affects Melody: from n/a through = 1.6.3...

CVE-2026-22510

CVE-2026-22510 is a real DESERIALIZATION vulnerability in the WordPress Melody theme (melodyschool), affecting Melody versions up to and including 1.6.3. The root cause is deserialization of untrusted data that enables PHP object injection. The CVSS base score is 8.1 (HIGH) with network attack ve...

CVE-2026-22505

CVE-2026-22505 describes a PHP object injection vulnerability due to deserialization of untrusted data in the WordPress theme Morning Records (Morning Records: Music Sound Studio WordPress Theme) up to version 1.2. Affected component is the Morning Records theme’s PHP deserialization path; exploi...

CVE-2026-22507 WordPress Beelove theme <= 1.2.6 - PHP Object Injection vulnerability

Deserialization of Untrusted Data vulnerability in AncoraThemes Beelove beelove allows Object Injection.This issue affects Beelove: from n/a through = 1.2.6...

CVE-2026-22507

CVE-2026-22507 describes a Deserialization of Untrusted Data vulnerability in the WordPress theme Beelove (AncoraThemes Beelove) up to version 1.2.6, allowing PHP object injection. Red Hat and ENISA ENISA-ENISA pages corroborate the same description. The issue affects Beelove: from n/a through

CVE-2026-22507 WordPress Beelove theme <= 1.2.6 - PHP Object Injection vulnerability

Deserialization of Untrusted Data vulnerability in AncoraThemes Beelove beelove allows Object Injection.This issue affects Beelove: from n/a through = 1.2.6...

CVE-2026-22505 WordPress Morning Records theme <= 1.2 - PHP Object Injection vulnerability

Deserialization of Untrusted Data vulnerability in AncoraThemes Morning Records morning-records allows Object Injection.This issue affects Morning Records: from n/a through = 1.2...

CVE-2026-22505 WordPress Morning Records theme <= 1.2 - PHP Object Injection vulnerability

Deserialization of Untrusted Data vulnerability in AncoraThemes Morning Records morning-records allows Object Injection.This issue affects Morning Records: from n/a through = 1.2...

CVE-2026-22500 WordPress m2 | Construction and Tools Store theme <= 1.1.2 - PHP Object Injection vulnerability

Deserialization of Untrusted Data vulnerability in axiomthemes m2 | Construction and Tools Store m2-ce allows Object Injection.This issue affects m2 | Construction and Tools Store: from n/a through = 1.1.2...

CVE-2026-22500

CVE-2026-22500 describes a PHP Object Injection flaw due to deserialization of untrusted data in the WordPress theme m2-ce (axiomthemes m2 | Construction and Tools Store), affected versions from n/a up to and including 1.1.2. Public Red Hat and CVE records confirm a deserialization/ object inject...

CVE-2026-22500 WordPress m2 | Construction and Tools Store theme <= 1.1.2 - PHP Object Injection vulnerability

Deserialization of Untrusted Data vulnerability in axiomthemes m2 | Construction and Tools Store m2-ce allows Object Injection.This issue affects m2 | Construction and Tools Store: from n/a through = 1.1.2...

CVE-2026-22480 WordPress Product Feed for WooCommerce plugin <= 2.3.3 - PHP Object Injection vulnerability

Deserialization of Untrusted Data vulnerability in WebToffee Product Feed for WooCommerce webtoffee-product-feed allows Object Injection.This issue affects Product Feed for WooCommerce: from n/a through = 2.3.3...