Lucene search
K

34358 matches found

CVE
CVE
added 2026/03/25 4:14 p.m.15 views

CVE-2026-23971

CVE-2026-23971 concerns a Deserialization of Untrusted Data vulnerability in the WordPress WoodMart theme (WoodMart) affecting versions from unknown up to and including 8.3.8. The underlying issue is PHP Object Injection via untrusted data deserialization, with a high impact profile (CVSS 3.1: 8....

8.1CVSS5.8AI score0.00308EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/03/25 4:14 p.m.24 views

CVE-2026-23971 WordPress WoodMart theme <= 8.3.8 - PHP Object Injection vulnerability

Deserialization of Untrusted Data vulnerability in xtemos WoodMart woodmart allows Object Injection.This issue affects WoodMart: from n/a through = 8.3.8...

8.1CVSS0.00308EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/03/25 4:14 p.m.1 views

CVE-2026-22510 WordPress Melody theme <= 1.6.3 - PHP Object Injection vulnerability

Deserialization of Untrusted Data vulnerability in AncoraThemes Melody melodyschool allows Object Injection.This issue affects Melody: from n/a through = 1.6.3...

8.1CVSS5.8AI score0.00395EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/03/25 4:14 p.m.28 views

CVE-2026-22510 WordPress Melody theme <= 1.6.3 - PHP Object Injection vulnerability

Deserialization of Untrusted Data vulnerability in AncoraThemes Melody melodyschool allows Object Injection.This issue affects Melody: from n/a through = 1.6.3...

8.1CVSS0.00395EPSS
Exploits0References1
CVE
CVE
added 2026/03/25 4:14 p.m.6 views

CVE-2026-22510

CVE-2026-22510 is a real DESERIALIZATION vulnerability in the WordPress Melody theme (melodyschool), affecting Melody versions up to and including 1.6.3. The root cause is deserialization of untrusted data that enables PHP object injection. The CVSS base score is 8.1 (HIGH) with network attack ve...

8.1CVSS5.8AI score0.00395EPSS
Exploits0References1
CVE
CVE
added 2026/03/25 4:14 p.m.8 views

CVE-2026-22507

CVE-2026-22507 describes a Deserialization of Untrusted Data vulnerability in the WordPress theme Beelove (AncoraThemes Beelove) up to version 1.2.6, allowing PHP object injection. Red Hat and ENISA ENISA-ENISA pages corroborate the same description. The issue affects Beelove: from n/a through

9.8CVSS5.8AI score0.0051EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/03/25 4:14 p.m.1 views

CVE-2026-22507 WordPress Beelove theme <= 1.2.6 - PHP Object Injection vulnerability

Deserialization of Untrusted Data vulnerability in AncoraThemes Beelove beelove allows Object Injection.This issue affects Beelove: from n/a through = 1.2.6...

9.8CVSS5.8AI score0.0051EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/03/25 4:14 p.m.1 views

CVE-2026-22505 WordPress Morning Records theme <= 1.2 - PHP Object Injection vulnerability

Deserialization of Untrusted Data vulnerability in AncoraThemes Morning Records morning-records allows Object Injection.This issue affects Morning Records: from n/a through = 1.2...

8.1CVSS5.8AI score0.00395EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/03/25 4:14 p.m.27 views

CVE-2026-22505 WordPress Morning Records theme <= 1.2 - PHP Object Injection vulnerability

Deserialization of Untrusted Data vulnerability in AncoraThemes Morning Records morning-records allows Object Injection.This issue affects Morning Records: from n/a through = 1.2...

8.1CVSS0.00395EPSS
Exploits0References1
CVE
CVE
added 2026/03/25 4:14 p.m.10 views

CVE-2026-22505

CVE-2026-22505 describes a PHP object injection vulnerability due to deserialization of untrusted data in the WordPress theme Morning Records (Morning Records: Music Sound Studio WordPress Theme) up to version 1.2. Affected component is the Morning Records theme’s PHP deserialization path; exploi...

8.1CVSS5.8AI score0.00395EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/03/25 4:14 p.m.28 views

CVE-2026-22507 WordPress Beelove theme <= 1.2.6 - PHP Object Injection vulnerability

Deserialization of Untrusted Data vulnerability in AncoraThemes Beelove beelove allows Object Injection.This issue affects Beelove: from n/a through = 1.2.6...

9.8CVSS0.0051EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/03/25 4:14 p.m.2 views

CVE-2026-22500 WordPress m2 | Construction and Tools Store theme <= 1.1.2 - PHP Object Injection vulnerability

Deserialization of Untrusted Data vulnerability in axiomthemes m2 | Construction and Tools Store m2-ce allows Object Injection.This issue affects m2 | Construction and Tools Store: from n/a through = 1.1.2...

9.8CVSS5.8AI score0.0051EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/03/25 4:14 p.m.28 views

CVE-2026-22500 WordPress m2 | Construction and Tools Store theme <= 1.1.2 - PHP Object Injection vulnerability

Deserialization of Untrusted Data vulnerability in axiomthemes m2 | Construction and Tools Store m2-ce allows Object Injection.This issue affects m2 | Construction and Tools Store: from n/a through = 1.1.2...

9.8CVSS0.0051EPSS
Exploits0References1
CVE
CVE
added 2026/03/25 4:14 p.m.6 views

CVE-2026-22500

CVE-2026-22500 describes a PHP Object Injection flaw due to deserialization of untrusted data in the WordPress theme m2-ce (axiomthemes m2 | Construction and Tools Store), affected versions from n/a up to and including 1.1.2. Public Red Hat and CVE records confirm a deserialization/ object inject...

9.8CVSS5.8AI score0.0051EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/03/25 4:14 p.m.0 views

CVE-2026-22480 WordPress Product Feed for WooCommerce plugin <= 2.3.3 - PHP Object Injection vulnerability

Deserialization of Untrusted Data vulnerability in WebToffee Product Feed for WooCommerce webtoffee-product-feed allows Object Injection.This issue affects Product Feed for WooCommerce: from n/a through = 2.3.3...

7.2CVSS5.8AI score0.00503EPSS
Exploits0References1
CVE
CVE
added 2026/03/25 4:14 p.m.5 views

CVE-2026-22480

CVE-2026-22480 concerns WebToffee Product Feed for WooCommerce. The vulnerability is a Deserialization of Untrusted Data issue that enables PHP Object Injection in WebToffee WooCommerce Product Feeds (plugin) versions through 2.3.3. The CVE entry is supported by multiple connected sources (NVD/Re...

7.2CVSS5.8AI score0.00503EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/03/25 4:14 p.m.24 views

CVE-2026-22480 WordPress Product Feed for WooCommerce plugin <= 2.3.3 - PHP Object Injection vulnerability

Deserialization of Untrusted Data vulnerability in WebToffee Product Feed for WooCommerce webtoffee-product-feed allows Object Injection.This issue affects Product Feed for WooCommerce: from n/a through = 2.3.3...

7.2CVSS0.00503EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/03/25 4:14 p.m.25 views

CVE-2025-69347 WordPress WPSubscription plugin <= 1.8.10 - Insecure Direct Object References (IDOR) vulnerability

Authorization Bypass Through User-Controlled Key vulnerability in Convers Lab WPSubscription subscription allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WPSubscription: from n/a through = 1.8.10...

8.6CVSS0.00364EPSS
Exploits0References1
CVE
CVE
added 2026/03/25 4:14 p.m.9 views

CVE-2025-69347

CVE-2025-69347 is an IDOR vulnerability in Convers Lab WPSubscription for WordPress WPSubscription plugin versions up to 1.8.10, enabling a user-controlled key to bypass authorization and access objects/resources that should be restricted. Public sources (NVD/Red Hat/EUVD) describe an Authorizati...

8.6CVSS5.8AI score0.00364EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/03/25 4:14 p.m.1 views

CVE-2025-69347 WordPress WPSubscription plugin <= 1.8.10 - Insecure Direct Object References (IDOR) vulnerability

Authorization Bypass Through User-Controlled Key vulnerability in Convers Lab WPSubscription subscription allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WPSubscription: from n/a through = 1.8.10...

8.6CVSS5.8AI score0.00364EPSS
Exploits0References1
Rows per page
Query Builder