4 matches found
EUVD-2026-26750
The Profile Builder Pro plugin for WordPress is vulnerable to PHP Object Injection in all versions up to and including 3.14.5. This is due to the use of PHP's maybeunserialize function on the attacker-controlled 'args' POST parameter within the wppbrequestuserspinsactioncallback AJAX handler, whi...
CVE-2026-1235
CVE-2026-1235 concerns the WP eCommerce WordPress plugin (<= 3.15.1). The vulnerability arises from unserializing user input via AJAX actions, which could allow unauthenticated users to perform PHP Object Injection when a suitable gadget is present on the blog. Affected software is explicitly ...
WordPress plugin WP eCommerce 安全漏洞
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. There is...
Progress Telerik UI for ASP.NET AJAX Deserialization of Untrusted Data Vulnerability
Progress Telerik UI for ASP.NET AJAX contains a deserialization of untrusted data vulnerability through RadAsyncUpload which leads to code execution on the server in the context of the w3wp.exe process...