Lucene search
K

3641 matches found

CVE
CVE
added 58 minutes ago15 views

CVE-2026-13244

Improperly Controlled Modification of Dynamically-Determined Object Attributes vulnerability in Drupal Tealium iQ Tag Management allows Object Injection. This issue affects Tealium iQ Tag Management versions: from 0.0.0 to 2.4.0...

6.1AI score
Exploits0References1
CVE
CVE
added 1 hour ago5 views

CVE-2026-55810

Improperly Controlled Modification of Dynamically-Determined Object Attributes vulnerability in Drupal Plotly.js Graphing allows Object Injection. This issue affects Plotly.js Graphing versions: from 0.0.0 to 3.0.2...

6.1AI score
Exploits0References1
CVE
CVE
added 1 hour ago8 views

CVE-2026-12535

Improperly Controlled Modification of Dynamically-Determined Object Attributes vulnerability in Drupal Formatter Field allows Object Injection. This issue affects Formatter Field versions: from 0.0.0 to 2.0.0...

6.1AI score
Exploits0References1
Nuclei
Nuclei
added 19 hours ago19 views

Better Search Replace < 1.4.5 - PHP Object Injection

The Better Search Replace plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.4.4 via deserialization of untrusted input. This makes it possible for unauthenticated attackers to inject a PHP Object. No POP chain is present in the vulnerable plugin. I...

9.8CVSS7.3AI score0.68047EPSS
Exploits2References2
Nuclei
Nuclei
added 19 hours ago29 views

GiveWP Donation Plugin <= 3.16.1 - Unauthenticated PHP Object Injection

The GiveWP – Donation Plugin and Fundraising Platform plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 3.16.1. This is due to insufficient input validation on user-supplied data. An unauthenticated attacker can inject a serialized PHP object, which...

10CVSS7.5AI score0.28931EPSS
Exploits3References4
Nuclei
Nuclei
added 19 hours ago99 views

My Geo Posts Free <= 1.2 - PHP Object Injection

The My Geo Posts Free plugin for WordPress is vulnerable to PHP Object Injection in versions up to, and including, 1.2 via deserialization of untrusted input. This makes it possible for unauthenticated attackers to inject a PHP Object. No known POP chain is present in the vulnerable software. If ...

9.8CVSS7.3AI score0.0307EPSS
Exploits0References4
Cvelist
Cvelist
added 2 days ago31 views

CVE-2026-12378 BookingPress <= 1.1.28 - Unauthenticated PHP Object Injection

The Appointment Booking Calendar Plugin and Scheduling Plugin WordPress plugin through 1.1.28 does not validate data before passing it to a PHP deserialization function, allowing unauthenticated attackers to inject arbitrary PHP objects; where a suitable gadget chain is present on the site this c...

0.00389EPSS
Exploits0References1
Nuclei
Nuclei
added 3 days ago153 views

GiveWP - PHP Object Injection

The GiveWP – Donation Plugin and Fundraising Platform plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 3.14.1 via deserialization of untrusted input from the 'givetitle' parameter. id: CVE-2024-5932 info: name: GiveWP - PHP Object Injection author:...

10CVSS7.3AI score0.74283EPSS
Exploits11References7
Cvelist
Cvelist
added 2026/07/02 11:15 a.m.35 views

CVE-2026-57677 WordPress Novalnet Payment Gateway for WooCommerce plugin <= 12.10.3 - PHP Object Injection vulnerability

Unauthenticated PHP Object Injection in Novalnet Payment Gateway for WooCommerce = 12.10.3 versions...

9.8CVSS0.00336EPSS
Exploits0References1
CVE
CVE
added 2026/07/02 11:15 a.m.20 views

CVE-2026-57677

The CVE concerns the WordPress Novalnet Payment Gateway for WooCommerce plugin, affected versions

9.8CVSS5.8AI score0.00336EPSS
Exploits0References1
CVE
CVE
added 2026/07/02 11:15 a.m.11 views

CVE-2026-57621

CVE-2026-57621 : Unauthenticated PHP Object Injection in the WordPress plugin Booktics (versions ≤ 1.0.21). Root cause as stated is PHP object injection in Booktics ≤ 1.0.21. CVSS 3.1 base score 9.8 (CRITICAL) with network attack vector, no user interaction, and impact to confidentiality, integri...

9.8CVSS5.8AI score0.00336EPSS
Exploits0References1
CVE
CVE
added 2026/07/02 11:14 a.m.15 views

CVE-2026-27414

CVE-2026-27414 details (provided): WordPress Werkstatt theme

8.8CVSS5.8AI score0.00288EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/07/02 11:14 a.m.37 views

CVE-2026-27060 WordPress ARMember Premium plugin <= 7.0 - PHP Object Injection vulnerability

Contributor PHP Object Injection in ARMember Premium = 7.0 versions...

8.8CVSS0.00288EPSS
Exploits0References1
CVE
CVE
added 2026/07/02 11:14 a.m.19 views

CVE-2026-27060

CVE-2026-27060 details (connected documents) : A PHP Object Injection vulnerability affects the WordPress ARMember Premium plugin (&lt;= 7.0). The root cause is PHP Object Injection in ARMember Premium

8.8CVSS5.8AI score0.00288EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/07/02 12:0 a.m.9 views

PT-2026-54976

Contributor PHP Object Injection in Werkstatt = 4.8.3 versions...

8.8CVSS5.8AI score0.00288EPSS
Exploits0References3
Patchstack
Patchstack
added 2026/06/30 1:46 p.m.5 views

WordPress Werkstatt theme <= 4.8.3 - PHP Object Injection vulnerability

PHP Object Injection vulnerability discovered by João Pedro S Alcântara Kinorth in WordPress Theme Werkstatt versions = 4.8.3...

8.8CVSS5.8AI score0.00288EPSS
Exploits0Affected Software1
Patchstack
Patchstack
added 2026/06/30 9:4 a.m.10 views

WordPress Export User Data plugin <= 2.2.6 - Authenticated (Subscriber+) PHP Object Injection to Arbitrary File Deletion vulnerability

Authenticated Subscriber+ PHP Object Injection to Arbitrary File Deletion vulnerability discovered by Webbernaut in WordPress Plugin Export User Data versions = 2.2.6...

8CVSS5.8AI score0.00341EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2026/06/29 1:23 p.m.5 views

WordPress Novalnet Payment Gateway for WooCommerce plugin <= 12.10.3 - PHP Object Injection vulnerability

PHP Object Injection vulnerability discovered by qdtad in WordPress Plugin Novalnet Payment Gateway for WooCommerce versions = 12.10.3...

9.8CVSS5.8AI score0.00336EPSS
Exploits0Affected Software1
NVD
NVD
added 2026/06/26 3:16 p.m.6 views

CVE-2026-56057

Subscriber PHP Object Injection in Uncanny Automator Pro = 7.3.0.6 versions...

9.8CVSS0.00426EPSS
Exploits0References1
NVD
NVD
added 2026/06/26 3:16 p.m.7 views

CVE-2026-56031

Unauthenticated PHP Object Injection in Uncanny Automator = 7.3.1.2 versions...

8.1CVSS0.00317EPSS
Exploits0References1
Rows per page
Query Builder