CVE-2025-30618 WordPress Rapyd Payment Extension for WooCommerce plugin <= 1.2.0 - PHP Object Injection Vulnerability

Deserialization of Untrusted Data vulnerability in yuliaz Rapyd Payment Extension for WooCommerce rapyd-payments allows Object Injection.This issue affects Rapyd Payment Extension for WooCommerce: from n/a through = 1.2.0...

CVE-2025-30618 WordPress Rapyd Payment Extension for WooCommerce plugin <= 1.2.0 - PHP Object Injection Vulnerability

Deserialization of Untrusted Data vulnerability in yuliaz Rapyd Payment Extension for WooCommerce rapyd-payments allows Object Injection.This issue affects Rapyd Payment Extension for WooCommerce: from n/a through = 1.2.0...

CVE-2025-31919 WordPress Spare <= 1.7 - PHP Object Injection Vulnerability

Deserialization of Untrusted Data vulnerability in themeton Spare allows Object Injection. This issue affects Spare: from n/a through 1.7...

CVE-2025-49330 WordPress Integration for Contact Form 7 and Zoho CRM, Bigin <= 1.3.0 - PHP Object Injection Vulnerability

Deserialization of Untrusted Data vulnerability in CRM Perks Integration for Contact Form 7 and Zoho CRM, Bigin allows Object Injection. This issue affects Integration for Contact Form 7 and Zoho CRM, Bigin: from n/a through 1.3.0...

CVE-2025-49330 WordPress Integration for Contact Form 7 and Zoho CRM, Bigin plugin <= 1.3.0 - PHP Object Injection Vulnerability

Deserialization of Untrusted Data vulnerability in CRM Perks Integration for Contact Form 7 and Zoho CRM, Bigin cf7-zoho allows Object Injection.This issue affects Integration for Contact Form 7 and Zoho CRM, Bigin: from n/a through = 1.3.0...

CVE-2025-49331 WordPress eCommerce Product Catalog plugin <= 3.4.3 - PHP Object Injection Vulnerability

Deserialization of Untrusted Data vulnerability in impleCode eCommerce Product Catalog ecommerce-product-catalog allows Object Injection.This issue affects eCommerce Product Catalog: from n/a through = 3.4.3...

CVE-2025-49331 WordPress eCommerce Product Catalog <= 3.4.3 - PHP Object Injection Vulnerability

Deserialization of Untrusted Data vulnerability in impleCode eCommerce Product Catalog allows Object Injection. This issue affects eCommerce Product Catalog: from n/a through 3.4.3...

Exploit for CVE-2025-49113

CVE‑2025‑49113 – Post‑Auth Remote Code Execution in Roundcube...

WordPress Glossary by WPPedia Code Issue Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress plugin is an application plugin. A code issue vulnerability exists in WordPress Glossary by WPPedia that stems from improper deserialization of the posttypes parameter, which can be exploited by an attacker to...

WordPress Integration for Contact Form 7 and Zoho CRM, Bigin plugin <= 1.3.0 - PHP Object Injection Vulnerability

PHP Object Injection Vulnerability discovered by Frissi0n in WordPress Plugin Integration for Contact Form 7 and Zoho CRM, Bigin versions = 1.3.0...

Roundcube 1.6.10 - Remote Code Execution (RCE)

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Roundcube ≤ 1.6.10 Post-Auth RCE via PHP Object Deserialization', 'Description' = %q Roundcube Webmail before 1.5.10 and 1.6.x before 1.6.11 allo...

Fedora 42 : roundcubemail (2025-70701de9de)

The remote Fedora 42 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2025-70701de9de advisory. This is a security update to the stable version 1.6 of Roundcube Webmail. It provides fixes to recently reported security vulnerabilities: Fix Post-Auth RCE...

WordPress Ninja Tables plugin code issue vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress plugin is an application plugin. WordPress Ninja Tables plugin has a code issue vulnerability , the vulnerability stems from argscallback parameter deserialization untrustworthy inputs , an attacker can use thi...

Fedora 41 : roundcubemail (2025-a5f56fe8ff)

The remote Fedora 41 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2025-a5f56fe8ff advisory. This is a security update to the stable version 1.6 of Roundcube Webmail. It provides fixes to recently reported security vulnerabilities: Fix Post-Auth RCE...

WordPress Photography Theme <= 7.7.2 - PHP Object Injection Vulnerability

PHP Object Injection Vulnerability discovered by Rafie Muhammad Patchstack in WordPress Theme Photography versions = 7.7.2...

WordPress Spare theme <= 1.7 - PHP Object Injection Vulnerability

PHP Object Injection Vulnerability discovered by Tran Nguyen Bao Khanh VCI - VNPT Cyber Immunity in WordPress Theme Spare versions = 1.7...

CVE-2025-49455 WordPress TinySalt < 3.10.0 - PHP Object Injection Vulnerability

Deserialization of Untrusted Data vulnerability in LoftOcean TinySalt allows Object Injection.This issue affects TinySalt: from n/a before 3.10.0...

CVE-2025-49455 WordPress WordPress-WPJobBoard <= 25.07010000-WP6.8.1-JB5.11.5 - SQL Injection Vulnerability

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in ClickandPledge WordPress-WPJobBoard click-pledge-wpjobboard allows Blind SQL Injection.This issue affects WordPress-WPJobBoard: from n/a through = 25.07010000-WP6.8.1-JB5.11.5...

CVE-2025-49507 WordPress CozyStay theme < 1.7.1 - PHP Object Injection vulnerability

Deserialization of Untrusted Data vulnerability in LoftOcean CozyStay cozystay allows Object Injection.This issue affects CozyStay: from n/a through 1.7.1...

WordPress Spare Theme <= 1.7 is vulnerable to PHP Object Injection

Software Spare Type Theme Vulnerable versions = 1.7 Fixed in N/A OWASP Top 10 A3: Injection Classification PHP Object Injection CVE CVE-2025-31919 Patch priority High CVSS severity High 9.8 Developer Claim ownership PSID 56b785ef822a Credits Tran Nguyen Bao Khanh VCI - VNPT Cyber Immunity Require...