4 matches found
CVE-2025-39349
Deserialization of Untrusted Data vulnerability in Potenzaglobalsolutions CiyaShop ciyashop allows Object Injection.This issue affects CiyaShop: from n/a through = 4.18.0...
CVE-2025-39349
CVE-2025-39349 : WordPress theme Potenzaglobalsolutions CiyaShop (versions n/a–4.18.0) suffers a PHP Object Injection through deserialization of untrusted data. Underlying risk is tied to object injection (high-impact), with CVSS 3.1 vector: Network, Low complexity, None privileges, no user inter...
CVE-2024-13824 CiyaShop - Multipurpose WooCommerce Theme <= 4.19.0 - Unauthenticated PHP Object Injection
The CiyaShop - Multipurpose WooCommerce Theme theme for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 4.19.0 via deserialization of untrusted input in the 'addciyashopwishlist' and 'ciyashopgetcompare' functions. This makes it possible for unauthenticated...
CVE-2024-13824 CiyaShop - Multipurpose WooCommerce Theme <= 4.19.0 - Unauthenticated PHP Object Injection
The CiyaShop - Multipurpose WooCommerce Theme theme for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 4.19.0 via deserialization of untrusted input in the 'addciyashopwishlist' and 'ciyashopgetcompare' functions. This makes it possible for unauthenticated...