3726 matches found
CVE-2025-2939
The Ninja Tables – Easy Data Table Builder plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 5.0.18 via deserialization of untrusted input from the argscallback parameter . This makes it possible for unauthenticated attackers to inject a PHP Object...
CVE-2025-2939
The Ninja Tables – Easy Data Table Builder plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 5.0.18 via deserialization of untrusted input from the argscallback parameter . This makes it possible for unauthenticated attackers to inject a PHP Object...
CVE-2025-2939 Ninja Tables – Easy Data Table Builder <= 5.0.18 - Unauthenticated PHP Object Injection to Limited Remote Code Execution
The Ninja Tables – Easy Data Table Builder plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 5.0.18 via deserialization of untrusted input from the argscallback parameter . This makes it possible for unauthenticated attackers to inject a PHP Object...
CVE-2025-2939
The CVE describes a PHP Object Injection in the WordPress plugin Ninja Tables – Easy Data Table Builder (versions up to and including 5.0.18). The vulnerability arises from deserialization of untrusted input via the args[callback] parameter, enabling unauthenticated attackers to inject a PHP Obje...
CVE-2025-2939 Ninja Tables – Easy Data Table Builder <= 5.0.18 - Unauthenticated PHP Object Injection to Limited Remote Code Execution
The Ninja Tables – Easy Data Table Builder plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 5.0.18 via deserialization of untrusted input from the argscallback parameter . This makes it possible for unauthenticated attackers to inject a PHP Object...
WordPress Sweet Dessert Theme < 1.1.13 is vulnerable to PHP Object Injection
Software Sweet Dessert Type Theme Vulnerable versions 1.1.13 Fixed in 1.1.13 OWASP Top 10 A3: Injection Classification PHP Object Injection CVE CVE-2025-49073 Patch priority High CVSS severity High 9.8 Developer Claim ownership PSID 3fb9eef0dd59 Credits Tran Nguyen Bao Khanh VCI - VNPT Cyber...
PT-2025-23564 · WordPress · The Ninja Tables
Name of the Vulnerable Software and Affected Versions: The Ninja Tables – Easy Data Table Builder plugin for WordPress versions up to, and including, 5.0.18 Description: The issue is related to PHP Object Injection via deserialization of untrusted input from the argscallback parameter. This allow...
WordPress FLAP - Business WordPress Theme Theme <= 1.5 is vulnerable to PHP Object Injection
Software FLAP - Business WordPress Theme Type Theme Vulnerable versions = 1.5 Fixed in N/A OWASP Top 10 A3: Injection Classification PHP Object Injection CVE CVE-2025-31396 Patch priority High CVSS severity High 9.8 Developer Claim ownership PSID 7616fcd52be9 Credits Tran Nguyen Bao Khanh VCI -...
WordPress Ninja Tables – Easy Data Table Builder plugin <= 5.0.18 - Unauthenticated PHP Object Injection to Limited Remote Code Execution vulnerability
Unauthenticated PHP Object Injection to Limited Remote Code Execution vulnerability discovered by Trương Hữu Phúc truonghuuphuc in WordPress Plugin Ninja Tables versions = 5.0.18...
WordPress Mr. Murphy < 1.2.12.1 - PHP Object Injection Vulnerability
PHP Object Injection Vulnerability discovered by Tran Nguyen Bao Khanh in WordPress Theme Mr. Murphy versions 1.2.12.1...
GHSA-8J8W-WWQC-X596 Roundcube Webmail Vulnerable to Authenticated RCE via PHP Object Deserialization
Roundcube Webmail before 1.5.10 and 1.6.x before 1.6.11 allows remote code execution by authenticated users because the from parameter in a URL is not validated in program/actions/settings/upload.php, leading to PHP Object Deserialization...
Roundcube Webmail Vulnerable to Authenticated RCE via PHP Object Deserialization
Roundcube Webmail before 1.5.10 and 1.6.x before 1.6.11 allows remote code execution by authenticated users because the from parameter in a URL is not validated in program/actions/settings/upload.php, leading to PHP Object Deserialization...
CVE-2025-49113
Roundcube Webmail before 1.5.10 and 1.6.x before 1.6.11 allows remote code execution by authenticated users because the from parameter in a URL is not validated in program/actions/settings/upload.php, leading to PHP Object Deserialization...
CVE-2025-49113
Roundcube Webmail before 1.5.10 and 1.6.x before 1.6.11 allows remote code execution by authenticated users because the from parameter in a URL is not validated in program/actions/settings/upload.php, leading to PHP Object Deserialization...
CVE-2025-49113
Roundcube Webmail before 1.5.10 and 1.6.x before 1.6.11 allows remote code execution by authenticated users because the from parameter in a URL is not validated in program/actions/settings/upload.php, leading to PHP Object Deserialization...
CVE-2025-49113
Roundcube Webmail before 1.5.10 and 1.6.x before 1.6.11 allows remote code execution by authenticated users because the from parameter in a URL is not validated in program/actions/settings/upload.php, leading to PHP Object Deserialization...
CVE-2025-49113
CVE-2025-49113 affects Roundcube Webmail (Roundscube core) with PHP Object Deserialization via the unvalidated _from parameter in actions/settings/upload.php. The issue allows remote code execution by an authenticated user. Public advisories confirm RCE implications and that patches were released...
WordPress Mr. Murphy Theme < 1.2.12.1 is vulnerable to PHP Object Injection
Software Mr. Murphy Type Theme Vulnerable versions 1.2.12.1 Fixed in 1.2.12.1 OWASP Top 10 A3: Injection Classification PHP Object Injection CVE CVE-2025-49072 Patch priority High CVSS severity High 9.8 Developer Claim ownership PSID 743adbe763dd Credits Tran Nguyen Bao Khanh VCI - VNPT Cyber...
Roundcube Webmail RCE Vulnerability (Jun 2025) - Windows
Roundcube Webmail is prone to an authenticated remote code execution RCE vulnerability via php object deserialization. SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders...
Post-Auth Remote Code Execution found in Roundcube Webmail
Roundcube Webmail reports: Fix Post-Auth RCE via PHP Object Deserialization reported by firs0v...