3726 matches found
WordPress Photography Theme <= 7.5.2 is vulnerable to PHP Object Injection
Software Photography Type Theme Vulnerable versions = 7.5.2 Fixed in N/A OWASP Top 10 A3: Injection Classification PHP Object Injection CVE CVE-2025-47579 Patch priority High CVSS severity High 9 Developer EPC PSID f3488f35689e Credits Rafie Muhammad Patchstack Required privilege Unauthenticated...
CVE-2025-31396 WordPress FLAP - Business WordPress Theme <= 1.5 - PHP Object Injection Vulnerability
Deserialization of Untrusted Data vulnerability in themeton FLAP - Business WordPress Theme allows Object Injection. This issue affects FLAP - Business WordPress Theme: from n/a through 1.5...
CVE-2025-31396
CVE-2025-31396: Deserialization of Untrusted Data leading to Object Injection in the FLAP - Business WordPress Theme. Affected: FLAP - Business WordPress Theme (versions from unspecified base up to 1.5). Root cause: untrusted data deserialization enabling object injection. Remediation details are...
WordPress TinySalt Theme < 3.10.0 is vulnerable to PHP Object Injection
Software TinySalt Type Theme Vulnerable versions 3.10.0 Fixed in 3.10.0 OWASP Top 10 A3: Injection Classification PHP Object Injection CVE CVE-2025-49455 Patch priority High CVSS severity High 9.8 Developer LoftOcean PSID 832baca8d9fd Credits Bonds Required privilege Unauthenticated Published 9...
WordPress Themify Edmin Theme <= 2.0.0 is vulnerable to PHP Object Injection
Software Themify Edmin Type Theme Vulnerable versions = 2.0.0 Fixed in N/A OWASP Top 10 A3: Injection Classification PHP Object Injection CVE CVE-2025-31047 Patch priority Medium CVSS severity Medium 8.8 Developer Claim ownership PSID c525fceb3917 Credits Phat RiO - BlueRock Required privilege...
WordPress CozyStay Theme < 1.7.1 is vulnerable to PHP Object Injection
Software CozyStay Type Theme Vulnerable versions 1.7.1 Fixed in 1.7.1 OWASP Top 10 A3: Injection Classification PHP Object Injection CVE CVE-2025-49507 Patch priority High CVSS severity High 9.8 Developer LoftOcean PSID 87cadbf62283 Credits Bonds Required privilege Unauthenticated Published 9 Jun...
CVE-2025-49072 WordPress Mr. Murphy < 1.2.12.1 - PHP Object Injection Vulnerability
Deserialization of Untrusted Data vulnerability in AncoraThemes Mr. Murphy allows Object Injection. This issue affects Mr. Murphy: from n/a before 1.2.12.1...
CVE-2025-49072 WordPress Mr. Murphy < 1.2.12.1 - PHP Object Injection Vulnerability
Deserialization of Untrusted Data vulnerability in AncoraThemes Mr. Murphy mr-murphy allows Object Injection. This issue affects Mr. Murphy: from n/a through 1.2.12.1...
CVE-2025-49073 WordPress Sweet Dessert < 1.1.13 - PHP Object Injection Vulnerability
Deserialization of Untrusted Data vulnerability in axiomthemes Sweet Dessert sweet-dessert allows Object Injection. This issue affects Sweet Dessert: from n/a through 1.1.13...
CVE-2025-39358 WordPress WP Posts Carousel <= 1.3.12 - PHP Object Injection Vulnerability
Deserialization of Untrusted Data vulnerability in teastudio.pl WP Posts Carousel wp-posts-carousel allows Object Injection. This issue affects WP Posts Carousel: from n/a through = 1.3.12...
CVE-2025-47584 WordPress Photography theme <= 7.5.2 - PHP Object Injection vulnerability
Deserialization of Untrusted Data vulnerability in ThemeGoods Photography. This issue affects Photography: from n/a through 7.5.2...
Roundcube Webmail Deserialization Vulnerability
RoundCube Webmail is a browser-based, open source, multi-language IMAP client developed with PHP and Ajax that provides a desktop application-like interface and complete mail management features. Roundcube Webmail has a deserialization vulnerability; the vulnerability stems from the...
Exploit for CVE-2025-49113
CVE-2025-49113 PoC Repository Overview of CVE-2025-49113 C...
CVE-2025-2939
The Ninja Tables – Easy Data Table Builder plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 5.0.18 via deserialization of untrusted input from the argscallback parameter. This makes it possible for unauthenticated attackers to inject a PHP Object...
Exploit for CVE-2025-49113
📧 Roundcube ≤ 1.6.10 Post-Auth RCE via PHP Object Deserializat...
FreeBSD : Post-Auth Remote Code Execution found in Roundcube Webmail (0d6094a2-4095-11f0-8c92-00d861a0e66d)
The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the 0d6094a2-4095-11f0-8c92-00d861a0e66d advisory. Roundcube Webmail reports: Fix Post-Auth RCE via PHP Object Deserialization reported by firs0v Tenable...
Critical 10-Year-Old Roundcube Webmail Bug Allows Authenticated Users Run Malicious Code
Cybersecurity researchers have disclosed details of a critical security flaw in the Roundcube webmail software that has gone unnoticed for a decade and could be exploited to take over susceptible systems and execute arbitrary code. The vulnerability, tracked as CVE-2025-49113, carries a CVSS sco...
WordPress Sweet Dessert < 1.1.13 - PHP Object Injection Vulnerability
PHP Object Injection Vulnerability discovered by Tran Nguyen Bao Khanh VCI - VNPT Cyber Immunity in WordPress Theme Sweet Dessert versions 1.1.13...