15 matches found
CVE-2026-7637 Boost <= 2.0.3 - Unauthenticated PHP Object Injection via STYXKEY-BOOST_USER_LOCATION Cookie
The Boost plugin for WordPress is vulnerable to PHP Object Injection in versions up to, and including, 2.0.3 via deserialization of untrusted input in the STYXKEY-BOOST_USER_LOCATION cookie. This makes it possible for unauthenticated attackers to inject a PHP Object. No known POP chain is present i...
WordPress Divi Booster plugin < 5.0.2 - Unauthenticated PHP Object Injection vulnerability
Unauthenticated PHP Object Injection vulnerability discovered by Saif Team 51 in WordPress Plugin Divi Booster versions < 5.0.2...
WordPress GiveWP - Donation Plugin and Fundraising Platform plugin <= 3.14.1 - Unauthenticated PHP Object Injection to Remote Code Execution vulnerability
WordPress GiveWP - Donation Plugin and Fundraising Platform plugin <= 3.14.1 - Unauthenticated PHP Object Injection to Remote Code Execution vulnerability discovered by villu164 in WordPress Plugin GiveWP versions <= 3.14.1...
WordPress Database for Contact Form 7, WPforms, Elementor forms plugin <= 1.4.3 - Unauthenticated PHP Object Injection to Arbitrary File Deletion vulnerability
Unauthenticated PHP Object Injection to Arbitrary File Deletion vulnerability discovered by mikemyers in WordPress Plugin Contact Form Entries versions <= 1.4.3...
EUVD-2025-25694
Malicious code in bioql PyPI...
CVE-2025-9083 Ninja-forms < 3.11.1 - Unauthenticated PHP Object Injection
The Ninja Forms WordPress plugin before 3.11.1 unserializes user input via form field, which could allow unauthenticated users to perform PHP Object Injection when a suitable gadget is present on the blog...
CVE-2025-7384 Database for Contact Form 7, WPforms, Elementor forms <= 1.4.3 - Unauthenticated PHP Object Injection to Arbitrary File Deletion
The Database for Contact Form 7, WPforms, Elementor forms plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.4.3 via deserialization of untrusted input in the getleaddetail function. This makes it possible for unauthenticated attackers to inject a P...
WordPress Puzzles theme <= 4.2.4 - Unauthenticated PHP Object Injection vulnerability
Unauthenticated PHP Object Injection vulnerability discovered by Lucio Sá in WordPress Theme Puzzles versions <= 4.2.4...
WordPress Compare Products for WooCommerce plugin <= 3.2.1 - Unauthenticated PHP Object Injection vulnerability
Unauthenticated PHP Object Injection vulnerability discovered by Brian Sans-Souci liardom in WordPress Plugin Compare Products for WooCommerce versions <= 3.2.1...
WordPress ARPrice plugin <= 4.1.3 - Unauthenticated PHP Object Injection vulnerability
Unauthenticated PHP Object Injection vulnerability discovered by Bonds Patchstack Alliance in WordPress Plugin ARPrice versions <= 4.1.3...
WordPress GiveWP plugin <= 3.16.1 - Unauthenticated PHP Object Injection to Remote Code Execution (RCE) vulnerability
Unauthenticated PHP Object Injection to Remote Code Execution (RCE) vulnerability discovered by cuokon in WordPress Plugin GiveWP versions <= 3.16.1...
WordPress Virim plugin <= 0.4 - Unauthenticated Object Injection vulnerability
Unauthenticated Object Injection vulnerability found by Magnus K. Stubman in WordPress Virim plugin versions <= 0.4. Solution: 27 May 2019 - This plugin was closed and is no longer available for download...
Carts Guru <= 1.4.4 - Unauthenticated Object Injection
The Carts Guru WordPress plugin was affected by an Unauthenticated Object Injection security vulnerability...
WordPress WP Job Manager plugin <=1.29.2 - Unauthenticated Object Injection vulnerability
Unauthenticated Object Injection vulnerability found in WordPress WP Job Manager plugin versions <=1.29.2. Solution: Update the WordPress WP Job Manager plugin to the latest available version (at least 1.29.3)...