PT-2026-26268

🚨 CVE-2025-60233: WordPress Zuut theme = 1.4.2 - ... PHP object injection in WordPress themes = instant RCE playground for attackers who can craft malicious serialized payl... https://t.co/IgpaLoPW1V netsec vulnerability CVE sysadmin zeroday...

CVE-2026-25449 WordPress Traveler theme < 3.2.8.1 - PHP Object Injection vulnerability

Deserialization of Untrusted Data vulnerability in Shinetheme Traveler allows Object Injection.This issue affects Traveler: from n/a before 3.2.8.1...

CVE-2026-25449

CVE-2026-25449 : The WordPress Traveler theme (Shinetheme Traveler) is affected prior to version 3.2.8.1 by a PHP object injection vulnerability caused by deserialization of untrusted data. The issue affects Traveler components (described as before 3.2.8.1) and is rated critical (CVSS 3.1 base sc...

WordPress Nexa Blocks plugin <= 1.1.1 - PHP Object Injection vulnerability

PHP Object Injection vulnerability discovered by Nabil Irawan in WordPress Plugin Nexa Blocks versions = 1.1.1...

WordPress SUMO Affiliates Pro plugin < 11.4.0 - PHP Object Injection vulnerability

PHP Object Injection vulnerability discovered by Phat RiO in WordPress Plugin SUMO Affiliates Pro versions 11.4.0...

WordPress WishList Member X plugin <= 3.29.0 - PHP Object Injection vulnerability

PHP Object Injection vulnerability discovered by 0xd4rk5id3 in WordPress Plugin WishList Member X versions = 3.29.0...

PT-2026-26058

🚨 CVE-2026-25449: WordPress Traveler theme 3.2.8... PHP object injection in WordPress Traveler theme with 9.8 CVSS and zero auth requirements - RCE goldmine for mass WordP... https://t.co/VFpIhT0XqE netsec vulnerability CVE sysadmin zeroday...

WordPress Traveler theme < 3.2.8.1 - PHP Object Injection vulnerability

PHP Object Injection vulnerability discovered by Phat RiO in WordPress Theme Traveler versions 3.2.8.1...

WordPress EventPrime plugin <= 4.2.8.0 - PHP Object Injection vulnerability

PHP Object Injection vulnerability discovered by Phat RiO in WordPress Plugin EventPrime versions = 4.2.8.0...

WordPress WooCommerce Infinite Scroll plugin <= 1.6.2 - PHP Object Injection vulnerability

PHP Object Injection vulnerability discovered by Phat RiO - BlueRock in WordPress Plugin WooCommerce Infinite Scroll versions = 1.6.2...

WordPress Visionary Core plugin <= 1.4.9 - PHP Object Injection vulnerability

PHP Object Injection vulnerability discovered by Tran Nguyen Bao Khanh VCI - VNPT Cyber Immunity in WordPress Plugin Visionary Core versions = 1.4.9...

WordPress Jobica Core plugin <= 1.4.1 - PHP Object Injection vulnerability

PHP Object Injection vulnerability discovered by Tran Nguyen Bao Khanh VCI - VNPT Cyber Immunity in WordPress Plugin Jobica Core versions = 1.4.1...

WordPress Organici Library plugin <= 2.1.2 - PHP Object Injection vulnerability

PHP Object Injection vulnerability discovered by Tran Nguyen Bao Khanh VCI - VNPT Cyber Immunity in WordPress Plugin Organici Library versions = 2.1.2...

WordPress CitiLights theme <= 3.7.1 - PHP Object Injection vulnerability

PHP Object Injection vulnerability discovered by Tran Nguyen Bao Khanh VCI - VNPT Cyber Immunity in WordPress Theme CitiLights versions = 3.7.1...

Exploit for Improper Input Validation in Typo3

TYPO3 CVE-2020-15099 — Unauthenticated RCE PHP Object Injecti...

EUVD-2026-11095

The divi-booster WordPress plugin before 5.0.2 does not have authorization and CSRF checks in one of its fixing function, allowing unauthenticated users to modify stored divi-booster WordPress plugin before 5.0.2 options. Furthermore, due to the use of unserialize on the data, this could be furth...

CVE-2026-2626

The divi-booster WordPress plugin before 5.0.2 does not have authorization and CSRF checks in one of its fixing function, allowing unauthenticated users to modify stored divi-booster WordPress plugin before 5.0.2 options. Furthermore, due to the use of unserialize on the data, this could be furth...

CVE-2026-2626 Divi Booster < 5.0.2 - Unauthenticated PHP Object Injection

The divi-booster WordPress plugin before 5.0.2 does not have authorization and CSRF checks in one of its fixing function, allowing unauthenticated users to modify stored divi-booster WordPress plugin before 5.0.2 options. Furthermore, due to the use of unserialize on the data, this could be furth...

EUVD-2026-11096

The divi-booster WordPress plugin before 5.0.2 does not have authorization and CSRF checks in one of its fixing function, allowing unauthenticated users to modify stored divi-booster WordPress plugin before 5.0.2 options. Furthermore, due to the use of unserialize on the data, this could be furth...

CVE-2026-2626

The vulnerability affects the divi-booster WordPress plugin prior to version 5.0.2. A lack of authorization and CSRF checks in a fixing function allows unauthenticated users to modify stored plugin options. Additionally, the use of unserialize() on the data could enable PHP Object Injection when ...