3635 matches found
My Geo Posts Free <= 1.2 - PHP Object Injection
The My Geo Posts Free plugin for WordPress is vulnerable to PHP Object Injection in versions up to, and including, 1.2 via deserialization of untrusted input. This makes it possible for unauthenticated attackers to inject a PHP Object. No known POP chain is present in the vulnerable software. If ...
GiveWP Donation Plugin <= 3.16.1 - Unauthenticated PHP Object Injection
The GiveWP – Donation Plugin and Fundraising Platform plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 3.16.1. This is due to insufficient input validation on user-supplied data. An unauthenticated attacker can inject a serialized PHP object, which...
GiveWP - PHP Object Injection
The GiveWP – Donation Plugin and Fundraising Platform plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 3.14.1 via deserialization of untrusted input from the 'givetitle' parameter. id: CVE-2024-5932 info: name: GiveWP - PHP Object Injection author:...
CVE-2026-57677
The CVE concerns the WordPress Novalnet Payment Gateway for WooCommerce plugin, affected versions
CVE-2026-57677 WordPress Novalnet Payment Gateway for WooCommerce plugin <= 12.10.3 - PHP Object Injection vulnerability
Unauthenticated PHP Object Injection in Novalnet Payment Gateway for WooCommerce = 12.10.3 versions...
CVE-2026-57621
CVE-2026-57621 : Unauthenticated PHP Object Injection in the WordPress plugin Booktics (versions ≤ 1.0.21). Root cause as stated is PHP object injection in Booktics ≤ 1.0.21. CVSS 3.1 base score 9.8 (CRITICAL) with network attack vector, no user interaction, and impact to confidentiality, integri...
CVE-2026-27414
CVE-2026-27414 details (provided): WordPress Werkstatt theme
CVE-2026-27060
CVE-2026-27060 details (connected documents) : A PHP Object Injection vulnerability affects the WordPress ARMember Premium plugin (<= 7.0). The root cause is PHP Object Injection in ARMember Premium
CVE-2026-27060 WordPress ARMember Premium plugin <= 7.0 - PHP Object Injection vulnerability
Contributor PHP Object Injection in ARMember Premium = 7.0 versions...
Better Search Replace < 1.4.5 - PHP Object Injection
The Better Search Replace plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.4.4 via deserialization of untrusted input. This makes it possible for unauthenticated attackers to inject a PHP Object. No POP chain is present in the vulnerable plugin. I...
WordPress Werkstatt theme <= 4.8.3 - PHP Object Injection vulnerability
PHP Object Injection vulnerability discovered by João Pedro S Alcântara Kinorth in WordPress Theme Werkstatt versions = 4.8.3...
WordPress Export User Data plugin <= 2.2.6 - Authenticated (Subscriber+) PHP Object Injection to Arbitrary File Deletion vulnerability
Authenticated Subscriber+ PHP Object Injection to Arbitrary File Deletion vulnerability discovered by Webbernaut in WordPress Plugin Export User Data versions = 2.2.6...
WordPress Novalnet Payment Gateway for WooCommerce plugin <= 12.10.3 - PHP Object Injection vulnerability
PHP Object Injection vulnerability discovered by qdtad in WordPress Plugin Novalnet Payment Gateway for WooCommerce versions = 12.10.3...
CVE-2026-56057
Subscriber PHP Object Injection in Uncanny Automator Pro = 7.3.0.6 versions...
CVE-2026-56031
Unauthenticated PHP Object Injection in Uncanny Automator = 7.3.1.2 versions...
CVE-2026-56057 WordPress Uncanny Automator Pro plugin <= 7.3.0.6 - PHP Object Injection vulnerability
Subscriber PHP Object Injection in Uncanny Automator Pro = 7.3.0.6 versions...
EUVD-2026-39711
Subscriber PHP Object Injection in Uncanny Automator Pro = 7.3.0.6 versions...
CVE-2026-56032 WordPress Buddyboss Platform plugin <= 3.0.4 - PHP Object Injection vulnerability
Subscriber PHP Object Injection in Buddyboss Platform = 3.0.4 versions...
CVE-2026-56031 WordPress Uncanny Automator plugin <= 7.3.1.2 - PHP Object Injection vulnerability
Unauthenticated PHP Object Injection in Uncanny Automator = 7.3.1.2 versions...
CVE-2026-56031
The CVE-2026-56031 entry covers an Unauthenticated PHP Object Injection in the WordPress plugin Uncanny Automator , affecting versions