3574 matches found
CVE-2026-24981
CVE-2026-24981 is a Deserialization of Untrusted Data vulnerability in Visionary Core (NooVisionary Core) affecting Visionary Core versions from a pre-release to and including 1.4.9. The issue allows PHP object injection due to deserialization of untrusted data. CVSS v3.1 vector: AV:N/AC:L/PR:L/U...
CVE-2026-24974
CVE-2026-24974 concerns the CitiLights WordPress Theme (noo-citilights) vulnerability: Deserialization of untrusted data enabling PHP object injection. Affected software: CitiLights Real Estate WordPress Theme (noo-citilights) versions up to and including 3.7.1. The issue is authenticated (Subscr...
CVE-2026-24976 WordPress Organici Library plugin <= 2.1.2 - PHP Object Injection vulnerability
Deserialization of Untrusted Data vulnerability in NooTheme Organici Library noo-organici-library allows Object Injection.This issue affects Organici Library: from n/a through = 2.1.2...
CVE-2026-24974 WordPress CitiLights theme <= 3.7.1 - PHP Object Injection vulnerability
Deserialization of Untrusted Data vulnerability in NooTheme CitiLights noo-citilights allows Object Injection.This issue affects CitiLights: from n/a through = 3.7.1...
CVE-2026-24378 WordPress EventPrime plugin <= 4.2.8.0 - PHP Object Injection vulnerability
Deserialization of Untrusted Data vulnerability in Metagauss EventPrime eventprime-event-calendar-management allows Object Injection.This issue affects EventPrime: from n/a through = 4.2.8.0...
CVE-2026-24378
CVE-2026-24378 describes a Deserialization of Untrusted Data flaw in EventPrime (Events Calendar, Bookings and Tickets) that enables unauthenticated PHP object injection. Affected: EventPrime
CVE-2026-22507 WordPress Beelove theme <= 1.2.6 - PHP Object Injection vulnerability
Deserialization of Untrusted Data vulnerability in AncoraThemes Beelove beelove allows Object Injection.This issue affects Beelove: from n/a through = 1.2.6...
CVE-2026-22507
CVE-2026-22507 describes a Deserialization of Untrusted Data vulnerability in the WordPress theme Beelove (AncoraThemes Beelove) up to version 1.2.6, allowing PHP object injection. Red Hat and ENISA ENISA-ENISA pages corroborate the same description. The issue affects Beelove: from n/a through
CVE-2026-22480 WordPress Product Feed for WooCommerce plugin <= 2.3.3 - PHP Object Injection vulnerability
Deserialization of Untrusted Data vulnerability in WebToffee Product Feed for WooCommerce webtoffee-product-feed allows Object Injection.This issue affects Product Feed for WooCommerce: from n/a through = 2.3.3...
WordPress Apicona theme <= 24.1.0 - PHP Object Injection vulnerability
PHP Object Injection vulnerability discovered by João Pedro S Alcântara Kinorth in WordPress Theme Apicona versions = 24.1.0...
WordPress Meloo theme < 2.8.2 - PHP Object Injection vulnerability
PHP Object Injection vulnerability discovered by Tran Nguyen Bao Khanh VCI - VNPT Cyber Immunity in WordPress Theme Meloo versions 2.8.2...
WordPress Borgholm theme < 1.6 - PHP Object Injection vulnerability
PHP Object Injection vulnerability discovered by Denver Jackson in WordPress Theme Borgholm versions 1.6...
WordPress Ricky theme < 2.31 - PHP Object Injection vulnerability
PHP Object Injection vulnerability discovered by João Pedro S Alcântara Kinorth in WordPress Theme Ricky versions 2.31...
WordPress Tasty Daily theme < 1.27 - PHP Object Injection vulnerability
PHP Object Injection vulnerability discovered by João Pedro S Alcântara Kinorth in WordPress Theme Tasty Daily versions 1.27...
WordPress Goldish theme < 3.47 - PHP Object Injection vulnerability
PHP Object Injection vulnerability discovered by João Pedro S Alcântara Kinorth in WordPress Theme Goldish versions 3.47...
WordPress Pendulum theme < 3.1.5 - PHP Object Injection vulnerability
PHP Object Injection vulnerability discovered by Tran Nguyen Bao Khanh VCI - VNPT Cyber Immunity in WordPress Theme Pendulum versions 3.1.5...
WordPress Vex theme < 1.2.9 - PHP Object Injection vulnerability
PHP Object Injection vulnerability discovered by Tran Nguyen Bao Khanh VCI - VNPT Cyber Immunity in WordPress Theme Vex versions 1.2.9...
WordPress JS Archive List plugin <= 6.1.7 - PHP Object Injection vulnerability
PHP Object Injection vulnerability discovered by daroo in WordPress Plugin JS Archive List versions = 6.1.7...
CVE-2026-25445 WordPress WishList Member X plugin <= 3.29.0 - PHP Object Injection vulnerability
Deserialization of Untrusted Data vulnerability in Membership Software WishList Member X allows Object Injection.This issue affects WishList Member X: from n/a through 3.29.0...
CVE-2026-25445 WordPress WishList Member X plugin <= 3.29.0 - PHP Object Injection vulnerability
Deserialization of Untrusted Data vulnerability in Membership Software WishList Member X allows Object Injection.This issue affects WishList Member X: from n/a through 3.29.0...