CVE-2025-14071

The Live Composer – Free WordPress Website Builder plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 2.0.2 via deserialization of untrusted input in the dslcmodulepostsoutput shortcode. This makes it possible for authenticated attackers, with...

Linux Distros Unpatched Vulnerability : CVE-2020-28032

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - WordPress before 5.5.2 mishandles deserialization requests in wp- includes/Requests/Utility/FilteredIterator.php. CVE-2020-28032 Note that Nessus relies on the...

CVE-2024-1772

The Play.ht – Make Your Blog Posts Accessible With Text to Speech Audio plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 3.6.4 via deserialization of untrusted input from the playpodcastdata post meta. This makes it possible for authenticated...

PT-2024-20564 · WordPress · Wpevently

Name of the Vulnerable Software and Affected Versions: Event Manager and Tickets Selling Plugin for WooCommerce – WpEvently – WordPress Plugin versions n/a through 4.1.1 Description: The issue is related to Deserialization of Untrusted Data, which affects the Event Manager and Tickets Selling...

UBUNTU-CVE-2020-28032

WordPress before 5.5.2 mishandles deserialization requests in wp-includes/Requests/Utility/FilteredIterator.php...