CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

3624 matches found

WordPress Export User Data plugin <= 2.2.6 - Authenticated (Subscriber+) PHP Object Injection to Arbitrary File Deletion vulnerability

Authenticated Subscriber+ PHP Object Injection to Arbitrary File Deletion vulnerability discovered by Webbernaut in WordPress Plugin Export User Data versions = 2.2.6...

8CVSS5.8AI score

Exploits0References1Affected Software1

Nuclei•added 15 hours ago•25 views

My Geo Posts Free <= 1.2 - PHP Object Injection

The My Geo Posts Free plugin for WordPress is vulnerable to PHP Object Injection in versions up to, and including, 1.2 via deserialization of untrusted input. This makes it possible for unauthenticated attackers to inject a PHP Object. No known POP chain is present in the vulnerable software. If ...

9.8CVSS7.5AI score0.0307EPSS

Exploits0References4

Nuclei•added 15 hours ago•27 views

GiveWP Donation Plugin <= 3.16.1 - Unauthenticated PHP Object Injection

The GiveWP – Donation Plugin and Fundraising Platform plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 3.16.1. This is due to insufficient input validation on user-supplied data. An unauthenticated attacker can inject a serialized PHP object, which...

10CVSS7.7AI score0.29101EPSS

Exploits3References4

Nuclei•added 2 days ago•17 views

Better Search Replace < 1.4.5 - PHP Object Injection

The Better Search Replace plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.4.4 via deserialization of untrusted input. This makes it possible for unauthenticated attackers to inject a PHP Object. No POP chain is present in the vulnerable plugin. I...

9.8CVSS7.5AI score0.68047EPSS

Exploits2References2

Nuclei•added 4 days ago•134 views

GiveWP - PHP Object Injection

The GiveWP – Donation Plugin and Fundraising Platform plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 3.14.1 via deserialization of untrusted input from the 'givetitle' parameter. id: CVE-2024-5932 info: name: GiveWP - PHP Object Injection author:...

10CVSS7.6AI score0.74427EPSS

Exploits11References7

NVD•added 4 days ago•6 views

CVE-2026-56057

Subscriber PHP Object Injection in Uncanny Automator Pro = 7.3.0.6 versions...

9.8CVSS0.00426EPSS

Exploits0References1

NVD•added 4 days ago•6 views

CVE-2026-56031

Unauthenticated PHP Object Injection in Uncanny Automator = 7.3.1.2 versions...

8.1CVSS0.00317EPSS

Exploits0References1

Cvelist•added 4 days ago•32 views

CVE-2026-56057 WordPress Uncanny Automator Pro plugin <= 7.3.0.6 - PHP Object Injection vulnerability

Subscriber PHP Object Injection in Uncanny Automator Pro = 7.3.0.6 versions...

9.8CVSS0.00426EPSS

Exploits0References1

EUVD•added 4 days ago•6 views

EUVD-2026-39711

Subscriber PHP Object Injection in Uncanny Automator Pro = 7.3.0.6 versions...

9.8CVSS5.8AI score0.00426EPSS

Exploits0References1

Cvelist•added 4 days ago•39 views

CVE-2026-56032 WordPress Buddyboss Platform plugin <= 3.0.4 - PHP Object Injection vulnerability

Subscriber PHP Object Injection in Buddyboss Platform = 3.0.4 versions...

9.8CVSS0.00525EPSS

Exploits0References1

Cvelist•added 4 days ago•31 views

CVE-2026-56031 WordPress Uncanny Automator plugin <= 7.3.1.2 - PHP Object Injection vulnerability

Unauthenticated PHP Object Injection in Uncanny Automator = 7.3.1.2 versions...

8.1CVSS0.00317EPSS

Exploits0References1

CVE•added 4 days ago•12 views

CVE-2026-56031

The CVE-2026-56031 entry covers an Unauthenticated PHP Object Injection in the WordPress plugin Uncanny Automator , affecting versions

8.1CVSS5.8AI score0.00317EPSS

Exploits0References1

EUVD•added 4 days ago•5 views

EUVD-2026-39694

Unauthenticated PHP Object Injection in Uncanny Automator = 7.3.1.2 versions...

8.1CVSS5.8AI score0.00317EPSS

Exploits0References1

NVD•added 5 days ago•6 views

CVE-2026-56053

Subscriber PHP Object Injection in EventPrime = 4.3.4.1 versions...

8.8CVSS0.00391EPSS

Exploits0References1

EUVD•added 5 days ago•5 views

EUVD-2026-39382

Subscriber PHP Object Injection in EventPrime = 4.3.4.1 versions...

8.8CVSS5.8AI score0.00391EPSS

Exploits0References1

Cvelist•added 5 days ago•30 views

CVE-2026-56053 WordPress EventPrime plugin <= 4.3.4.1 - PHP Object Injection vulnerability

Subscriber PHP Object Injection in EventPrime = 4.3.4.1 versions...

8.8CVSS0.00391EPSS

Exploits0References1

CVE•added 6 days ago•9 views

CVE-2026-10749

CVE-2026-10749 affects the Post Duplicator WordPress plugin (pre-3.0.15). The vulnerability arises from improper handling of custom metadata during post duplication, storing attacker-supplied serialized values without the WordPress meta API double-serialization protection, enabling PHP Object inj...

7.2CVSS5.9AI score0.003EPSS

Exploits0References1

EUVD•added 6 days ago•5 views

EUVD-2026-38694

The Post Duplicator WordPress plugin before 3.0.15 does not safely handle custom meta-data during post duplication, storing attacker-supplied serialized values without the WordPress meta API's double-serialization protection, allowing users with Contributor-level access and above to inject a PHP...

7.2CVSS5.9AI score0.003EPSS

Exploits0References1

Cvelist•added 6 days ago•36 views

CVE-2026-10749 Post Duplicator < 3.0.15 - Contributor+ PHP Object Injection via customMetaData

0.003EPSS

Exploits0References1

Patchstack•added 2026/06/23 10:2 a.m.•6 views

WordPress Uncanny Automator plugin <= 7.3.1.2 - PHP Object Injection vulnerability

PHP Object Injection vulnerability discovered by VanTastic in WordPress Plugin Uncanny Automator versions = 7.3.1.2...

8.1CVSS5.9AI score0.00317EPSS

Exploits0Affected Software1

Rows per page