CVE-2026-1542

The Super Stage WP WordPress plugin through 1.0.1 unserializes user input via REQUEST, which could allow unauthenticated users to perform PHP Object Injection when a suitable gadget is present on the blog...

CVE-2026-1542

The CVE-2026-1542 entry concerns the Super Stage WP WordPress plugin (vulnerable through 1.0.1). It describes an insecure unserialization of user input from REQUEST, leading to PHP Object Injection when a suitable gadget exists on the blog. The vulnerability is exploitable by unauthenticated user...

CVE-2026-1542 Super Stage WP <= 1.0.1 - Unauthenticated PHP Object Injection

The Super Stage WP WordPress plugin through 1.0.1 unserializes user input via REQUEST, which could allow unauthenticated users to perform PHP Object Injection when a suitable gadget is present on the blog...

CVE-2026-1542 Super Stage WP <= 1.0.1 - Unauthenticated PHP Object Injection

The Super Stage WP WordPress plugin through 1.0.1 unserializes user input via REQUEST, which could allow unauthenticated users to perform PHP Object Injection when a suitable gadget is present on the blog...

CVE-2026-1542

The Super Stage WP WordPress plugin through 1.0.1 unserializes user input via REQUEST, which could allow unauthenticated users to perform PHP Object Injection when a suitable gadget is present on the blog...

PT-2026-22464

Name of the Vulnerable Software and Affected Versions WP Mail Logging versions prior to 1.15.1 Description The WP Mail Logging plugin for WordPress is susceptible to PHP Object Injection in versions up to and including 1.15.0. This occurs due to the deserialization of untrusted input from the ema...

PT-2026-22463

The Super Stage WP WordPress plugin through 1.0.1 unserializes user input via REQUEST, which could allow unauthenticated users to perform PHP Object Injection when a suitable gadget is present on the blog...

WordPress plugin WP Mail Logging 代码问题漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A code issue...

WordPress Good Energy theme <= 1.7.7 - PHP Object Injection vulnerability

PHP Object Injection vulnerability discovered by Tran Nguyen Bao Khanh VCI - VNPT Cyber Immunity in WordPress Theme Good Energy versions = 1.7.7...

WordPress Celeste theme <= 1.3.6 - PHP Object Injection vulnerability

PHP Object Injection vulnerability discovered by João Pedro S Alcântara Kinorth in WordPress Theme Celeste versions = 1.3.6...

WordPress NextScripts plugin <= 4.4.7 - PHP Object Injection vulnerability

PHP Object Injection vulnerability discovered by Muhammad Yudha - DJ in WordPress Plugin NextScripts versions = 4.4.7...

WordPress Kingler theme <= 1.7 - PHP Object Injection vulnerability

PHP Object Injection vulnerability discovered by Tran Nguyen Bao Khanh VCI - VNPT Cyber Immunity in WordPress Theme Kingler versions = 1.7...

CVE-2026-24891

openITCOCKPIT is an open source monitoring tool built for different monitoring engines like Nagios, Naemon and Prometheus. Versions 5.3.1 and below contain an unsafe deserialization sink in the Gearman worker implementation. The worker function registered as oitcgearman calls PHP's unserialize on...

CVE-2026-27206 Zumba Json Serializer has a potential PHP Object Injection via Unrestricted @type in unserialize()

Zumba Json Serializer is a library to serialize PHP variables in JSON format. In versions 3.2.2 and below, the library allows deserialization of PHP objects from JSON using a special @type field. The deserializer instantiates any class specified in the @type field without restriction. When...

CVE-2026-27206

CVE-2026-27206 is captured in the Debian security tracker as a potential PHP object injection vulnerability: “Potential PHP Object Injection via Unrestricted @type in unserialize()”. The connected document does not specify affected products, versions, or a concrete root cause beyond the unrestric...

CVE-2026-27206

Zumba Json Serializer is a library to serialize PHP variables in JSON format. In versions 3.2.2 and below, the library allows deserialization of PHP objects from JSON using a special @type field. The deserializer instantiates any class specified in the @type field without restriction. When...

CVE-2026-27206 Zumba Json Serializer has a potential PHP Object Injection via Unrestricted @type in unserialize()

Zumba Json Serializer is a library to serialize PHP variables in JSON format. In versions 3.2.2 and below, the library allows deserialization of PHP objects from JSON using a special @type field. The deserializer instantiates any class specified in the @type field without restriction. When...

CVE-2026-27206 Zumba Json Serializer has a potential PHP Object Injection via Unrestricted @type in unserialize()

Zumba Json Serializer is a library to serialize PHP variables in JSON format. In versions 3.2.2 and below, the library allows deserialization of PHP objects from JSON using a special @type field. The deserializer instantiates any class specified in the @type field without restriction. When...

CVE-2026-22384

CVE-2026-22384 describes a deserialization vulnerability in the WordPress plugin Applay - Shortcodes (versions up to and including 3.7) that enables PHP Object Injection via untrusted data. The WP-exposed issue is associated with the leafcolor Applay - Shortcodes code path and is rated CRITICAL (...

CVE-2026-22354

Summary of CVE-2026-22354 (WordPress WooCommerce Banner Management plugin &lt;= 2.5.1): The issue is a PHP object injection due to deserialization of untrusted data in the Banner Management for WooCommerce component. Affected product/version: Banner Management, Product Slider & Carousel for WooCo...