34358 matches found
CVE-2026-23971
CVE-2026-23971 concerns a Deserialization of Untrusted Data vulnerability in the WordPress WoodMart theme (WoodMart) affecting versions from unknown up to and including 8.3.8. The underlying issue is PHP Object Injection via untrusted data deserialization, with a high impact profile (CVSS 3.1: 8....
CVE-2026-23971 WordPress WoodMart theme <= 8.3.8 - PHP Object Injection vulnerability
Deserialization of Untrusted Data vulnerability in xtemos WoodMart woodmart allows Object Injection.This issue affects WoodMart: from n/a through = 8.3.8...
CVE-2026-22510 WordPress Melody theme <= 1.6.3 - PHP Object Injection vulnerability
Deserialization of Untrusted Data vulnerability in AncoraThemes Melody melodyschool allows Object Injection.This issue affects Melody: from n/a through = 1.6.3...
CVE-2026-22510 WordPress Melody theme <= 1.6.3 - PHP Object Injection vulnerability
Deserialization of Untrusted Data vulnerability in AncoraThemes Melody melodyschool allows Object Injection.This issue affects Melody: from n/a through = 1.6.3...
CVE-2026-22510
CVE-2026-22510 is a real DESERIALIZATION vulnerability in the WordPress Melody theme (melodyschool), affecting Melody versions up to and including 1.6.3. The root cause is deserialization of untrusted data that enables PHP object injection. The CVSS base score is 8.1 (HIGH) with network attack ve...
CVE-2026-22507
CVE-2026-22507 describes a Deserialization of Untrusted Data vulnerability in the WordPress theme Beelove (AncoraThemes Beelove) up to version 1.2.6, allowing PHP object injection. Red Hat and ENISA ENISA-ENISA pages corroborate the same description. The issue affects Beelove: from n/a through
CVE-2026-22507 WordPress Beelove theme <= 1.2.6 - PHP Object Injection vulnerability
Deserialization of Untrusted Data vulnerability in AncoraThemes Beelove beelove allows Object Injection.This issue affects Beelove: from n/a through = 1.2.6...
CVE-2026-22505 WordPress Morning Records theme <= 1.2 - PHP Object Injection vulnerability
Deserialization of Untrusted Data vulnerability in AncoraThemes Morning Records morning-records allows Object Injection.This issue affects Morning Records: from n/a through = 1.2...
CVE-2026-22505 WordPress Morning Records theme <= 1.2 - PHP Object Injection vulnerability
Deserialization of Untrusted Data vulnerability in AncoraThemes Morning Records morning-records allows Object Injection.This issue affects Morning Records: from n/a through = 1.2...
CVE-2026-22505
CVE-2026-22505 describes a PHP object injection vulnerability due to deserialization of untrusted data in the WordPress theme Morning Records (Morning Records: Music Sound Studio WordPress Theme) up to version 1.2. Affected component is the Morning Records theme’s PHP deserialization path; exploi...
CVE-2026-22507 WordPress Beelove theme <= 1.2.6 - PHP Object Injection vulnerability
Deserialization of Untrusted Data vulnerability in AncoraThemes Beelove beelove allows Object Injection.This issue affects Beelove: from n/a through = 1.2.6...
CVE-2026-22500 WordPress m2 | Construction and Tools Store theme <= 1.1.2 - PHP Object Injection vulnerability
Deserialization of Untrusted Data vulnerability in axiomthemes m2 | Construction and Tools Store m2-ce allows Object Injection.This issue affects m2 | Construction and Tools Store: from n/a through = 1.1.2...
CVE-2026-22500 WordPress m2 | Construction and Tools Store theme <= 1.1.2 - PHP Object Injection vulnerability
Deserialization of Untrusted Data vulnerability in axiomthemes m2 | Construction and Tools Store m2-ce allows Object Injection.This issue affects m2 | Construction and Tools Store: from n/a through = 1.1.2...
CVE-2026-22500
CVE-2026-22500 describes a PHP Object Injection flaw due to deserialization of untrusted data in the WordPress theme m2-ce (axiomthemes m2 | Construction and Tools Store), affected versions from n/a up to and including 1.1.2. Public Red Hat and CVE records confirm a deserialization/ object inject...
CVE-2026-22480 WordPress Product Feed for WooCommerce plugin <= 2.3.3 - PHP Object Injection vulnerability
Deserialization of Untrusted Data vulnerability in WebToffee Product Feed for WooCommerce webtoffee-product-feed allows Object Injection.This issue affects Product Feed for WooCommerce: from n/a through = 2.3.3...
CVE-2026-22480
CVE-2026-22480 concerns WebToffee Product Feed for WooCommerce. The vulnerability is a Deserialization of Untrusted Data issue that enables PHP Object Injection in WebToffee WooCommerce Product Feeds (plugin) versions through 2.3.3. The CVE entry is supported by multiple connected sources (NVD/Re...
CVE-2026-22480 WordPress Product Feed for WooCommerce plugin <= 2.3.3 - PHP Object Injection vulnerability
Deserialization of Untrusted Data vulnerability in WebToffee Product Feed for WooCommerce webtoffee-product-feed allows Object Injection.This issue affects Product Feed for WooCommerce: from n/a through = 2.3.3...
CVE-2025-69347 WordPress WPSubscription plugin <= 1.8.10 - Insecure Direct Object References (IDOR) vulnerability
Authorization Bypass Through User-Controlled Key vulnerability in Convers Lab WPSubscription subscription allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WPSubscription: from n/a through = 1.8.10...
CVE-2025-69347
CVE-2025-69347 is an IDOR vulnerability in Convers Lab WPSubscription for WordPress WPSubscription plugin versions up to 1.8.10, enabling a user-controlled key to bypass authorization and access objects/resources that should be restricted. Public sources (NVD/Red Hat/EUVD) describe an Authorizati...
CVE-2025-69347 WordPress WPSubscription plugin <= 1.8.10 - Insecure Direct Object References (IDOR) vulnerability
Authorization Bypass Through User-Controlled Key vulnerability in Convers Lab WPSubscription subscription allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WPSubscription: from n/a through = 1.8.10...