123 matches found
CVE-2026-59518
CVE-2026-59518 affects the WordPress Directorist plugin (Directorist) versions up to 8.8.2. It is a PHP object-injection vulnerability caused by deserialization of untrusted data, with CVSS v3.1 base score 9.8 (Network, Low attack complexity, No privileges, No user interaction; Confidentiality/In...
CVE-2026-57371 WordPress WPJAM Basic plugin <= 7.0 - PHP Object Injection vulnerability
Deserialization of Untrusted Data vulnerability in denishua WPJAM Basic wpjam-basic allows Object Injection.This issue affects WPJAM Basic: from n/a through = 7.0...
DRUPAL-CONTRIB-2026-050
The Plotly.js Graphing module provides a fully customizable implementation of the open source Plotly.js graphing library. The module stores some data as PHP-serialized strings. In some situations, malicious data can be written directly to the field. This can lead to an object injection...
CVE-2026-40752 WordPress Manufaktur Solutions theme <= 1.1.1 - PHP Object Injection vulnerability
Unauthenticated PHP Object Injection in Manufaktur Solutions = 1.1.1 versions...
CVE-2026-39445 WordPress Alukas theme < 3.0.0 - PHP Object Injection vulnerability
Unauthenticated PHP Object Injection in Alukas 3.0.0 versions...
CVE-2026-40739 WordPress LuxeDrive theme <= 1.4 - PHP Object Injection vulnerability
Unauthenticated PHP Object Injection in LuxeDrive = 1.4 versions...
CVE-2026-39539 WordPress Alloggio - Hotel Booking theme <= 2.1.2 - PHP Object Injection vulnerability
Unauthenticated PHP Object Injection in Alloggio - Hotel Booking = 2.1.2 versions...
PT-2026-50081
Unauthenticated PHP Object Injection in SeaFood Company = 1.4 versions...
CVE-2026-42687
The CVE-2026-42687 entry concerns the WordPress EventPrime plugin (versions ≤ 4.3.2.1). It describes an unauthenticated PHP Object Injection vulnerability in EventPrime, with a CVSS v3.1 base score of 8.1 (HIGH) and a network attack vector, no user interaction, and high impact on confidentiality,...
CVE-2026-39474
The CVE CVE-2026-39474 concerns the WordPress Post Duplicator plugin (versions
CVE-2026-39478
CVE-2026-39478 concerns the WordPress plugin “Anti-Malware Security and Brute-Force Firewall” (versions
CVE-2026-39471
CVE-2026-39471 affects the WordPress ShortPixel Image Optimizer plugin (
PT-2026-49509
Unauthenticated PHP Object Injection in Integration for Salesforce and Contact Form 7, WPForms, Elementor, Formidable, Ninja Forms = 1.4.3 versions...
WordPress OttoKit plugin <= 1.1.27 - PHP Object Injection vulnerability
PHP Object Injection vulnerability discovered by daroo in WordPress Plugin OttoKit versions = 1.1.27...
WordPress LuxeDrive theme <= 1.4 - PHP Object Injection vulnerability
PHP Object Injection vulnerability discovered by Denver Jackson in WordPress Theme LuxeDrive versions = 1.4...
WordPress Laurits theme <= 1.5.1 - PHP Object Injection vulnerability
PHP Object Injection vulnerability discovered by Denver Jackson in WordPress Theme Laurits versions = 1.5.1...
WordPress m2 | Construction and Tools Store theme <= 1.1.2 - PHP Object Injection vulnerability
PHP Object Injection vulnerability discovered by Tran Nguyen Bao Khanh VCI - VNPT Cyber Immunity in WordPress Theme m2 | Construction and Tools Store versions = 1.1.2...
WordPress Grand Wedding theme <= 3.1.0 - PHP Object Injection vulnerability
PHP Object Injection vulnerability discovered by Tran Nguyen Bao Khanh VCI - VNPT Cyber Immunity in WordPress Theme Grand Wedding versions = 3.1.0...
WordPress Tennis Club theme <= 1.2.3 - PHP Object Injection vulnerability
PHP Object Injection vulnerability discovered by Tran Nguyen Bao Khanh VCI - VNPT Cyber Immunity in WordPress Theme Tennis Club versions = 1.2.3...
WordPress PhotoMe theme <= 5.6.11 - PHP Object Injection vulnerability
PHP Object Injection vulnerability discovered by João Pedro S Alcântara Kinorth in WordPress Theme PhotoMe versions = 5.6.11...