Lucene search
K

4 matches found

EUVD
EUVD
added 2026/05/02 5:29 a.m.11 views

EUVD-2026-26750

The Profile Builder Pro plugin for WordPress is vulnerable to PHP Object Injection in all versions up to and including 3.14.5. This is due to the use of PHP's maybeunserialize function on the attacker-controlled 'args' POST parameter within the wppbrequestuserspinsactioncallback AJAX handler, whi...

8.1CVSS5.9AI score0.00462EPSS
Exploits0References5
CVE
CVE
added 2026/02/11 6:0 a.m.25 views

CVE-2026-1235

CVE-2026-1235 concerns the WP eCommerce WordPress plugin (<= 3.15.1). The vulnerability arises from unserializing user input via AJAX actions, which could allow unauthenticated users to perform PHP Object Injection when a suitable gadget is present on the blog. Affected software is explicitly ...

6.5CVSS5.7AI score0.00269EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/02/11 12:0 a.m.5 views

WordPress plugin WP eCommerce 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. There is...

6.5CVSS5.9AI score0.00269EPSS
Exploits0References1
CISA KEV Catalog
CISA KEV Catalog
added 2021/11/03 12:0 a.m.23 views

Progress Telerik UI for ASP.NET AJAX Deserialization of Untrusted Data Vulnerability

Progress Telerik UI for ASP.NET AJAX contains a deserialization of untrusted data vulnerability through RadAsyncUpload which leads to code execution on the server in the context of the w3wp.exe process...

9.8CVSS9.2AI score0.99737EPSS
In wildExploits16
Rows per page
Query Builder