2 matches found
WordPress Pendulum theme < 3.1.5 - PHP Object Injection vulnerability
PHP Object Injection vulnerability discovered by Tran Nguyen Bao Khanh VCI - VNPT Cyber Immunity in WordPress Theme Pendulum versions 3.1.5...
CVE-2026-24961
CVE-2026-24961 is a Server-Side Request Forgery (SSRF) affecting ThemeGoods WordPress Grand Blog theme (Grand Blog) versions prior to 3.1.5, where the grandblog component is vulnerable. The root cause is SSRF in Grand Blog prior to 3.1.5, enabling an attacker to trigger requests from the server. ...