WordPress Advanced AJAX Product Filters plugin <= 3.1.9.6 - Authenticated (Author+) PHP Object Injection via Live Composer Compatibility vulnerability

Authenticated Author+ PHP Object Injection via Live Composer Compatibility vulnerability discovered by WordFence in WordPress Plugin Advanced AJAX Product Filters versions = 3.1.9.6...

CVE-2026-25316 WordPress CartFlows plugin <= 2.1.19 - PHP Object Injection vulnerability

Deserialization of Untrusted Data vulnerability in Brainstorm Force CartFlows cartflows allows Object Injection.This issue affects CartFlows: from n/a through = 2.1.19...

CVE-2026-25316 WordPress CartFlows plugin <= 2.1.19 - PHP Object Injection vulnerability

Deserialization of Untrusted Data vulnerability in Brainstorm Force CartFlows cartflows allows Object Injection.This issue affects CartFlows: from n/a through = 2.1.19...

CVE-2026-25316

CVE-2026-25316 affects the WordPress CartFlows plugin (CartFlows)

CVE-2026-23542 WordPress Grand Restaurant theme <= 7.0.10 - PHP Object Injection vulnerability

Deserialization of Untrusted Data vulnerability in ThemeGoods Grand Restaurant grandrestaurant allows Object Injection.This issue affects Grand Restaurant: from n/a through = 7.0.10...

Linux Distros Unpatched Vulnerability : CVE-2026-27206

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Zumba Json Serializer is a library to serialize PHP variables in JSON format. In versions 3.2.2 and below, the library allows deserialization of PHP objects fro...

CVE-2026-1426

The Advanced AJAX Product Filters plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 3.1.9.6 via deserialization of untrusted input in the shortcodecheck function within the Live Composer compatibility layer. This makes it possible for authenticated...

CVE-2026-1426 Advanced AJAX Product Filters <= 3.1.9.6 - Authenticated (Author+) PHP Object Injection via Live Composer Compatibility

The Advanced AJAX Product Filters plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 3.1.9.6 via deserialization of untrusted input in the shortcodecheck function within the Live Composer compatibility layer. This makes it possible for authenticated...

CVE-2026-1426 Advanced AJAX Product Filters <= 3.1.9.6 - Authenticated (Author+) PHP Object Injection via Live Composer Compatibility

The Advanced AJAX Product Filters plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 3.1.9.6 via deserialization of untrusted input in the shortcodecheck function within the Live Composer compatibility layer. This makes it possible for authenticated...

WordPress Valenti theme <= 5.6.3.5 - PHP Object Injection vulnerability

PHP Object Injection vulnerability discovered by João Pedro S Alcântara Kinorth in WordPress Theme Valenti versions = 5.6.3.5...

WordPress Grand Restaurant theme <= 7.0.10 - PHP Object Injection vulnerability

PHP Object Injection vulnerability discovered by João Pedro S Alcântara Kinorth in WordPress Theme Grand Restaurant versions = 7.0.10...

WordPress wpForo Forum plugin <= 2.4.13 - Authenticated (Subscriber+) PHP Object Injection vulnerability

Authenticated Subscriber+ PHP Object Injection vulnerability discovered by Webbernaut in WordPress Plugin wpForo Forum versions = 2.4.13...

WordPress Woocommerce Category Banner Management plugin <= 2.5.1 - PHP Object Injection vulnerability

PHP Object Injection vulnerability discovered by Muhammad Yudha - DJ in WordPress Plugin Woocommerce Category Banner Management versions = 2.5.1...

WordPress WP eCommerce plugin <= 3.15.1 - Unauthenticated PHP Object Injection vulnerability

Unauthenticated PHP Object Injection vulnerability discovered by yiğit ibrahim sağlam in WordPress Plugin WP eCommerce versions = 3.15.1...

CVE-2026-0910

The wpForo Forum plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 2.4.13 via deserialization of untrusted input in the 'wpforodisplayarraydata' function. This makes it possible for authenticated attackers, with Subscriber-level access and above, to...

CVE-2026-1235

The WP eCommerce WordPress plugin through 3.15.1 unserializes user input via ajax actions, which could allow unauthenticated users to perform PHP Object Injection when a suitable gadget is present on the blog...

CVE-2026-0910 wpForo Forum <= 2.4.13 - Authenticated (Subscriber+) PHP Object Injection

The wpForo Forum plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 2.4.13 via deserialization of untrusted input in the 'wpforodisplayarraydata' function. This makes it possible for authenticated attackers, with Subscriber-level access and above, to...

CVE-2026-0910

wpForo Forum plugin for WordPress (versions up to 2.4.13) is vulnerable to PHP Object Injection via deserialization in wpforo_display_array_data. Exploitation requires an authenticated user with Subscriber-level access or higher. A POP chain must be present in another plugin or theme for practica...

WordPress Prestige theme < 1.4.1 - PHP Object Injection vulnerability

PHP Object Injection vulnerability discovered by Phat RiO - BlueRock in WordPress Theme Prestige versions 1.4.1...

WordPress Modal Popup Box plugin <= 1.6.1 - PHP Object Injection vulnerability

PHP Object Injection vulnerability discovered by Muhammad Yudha - DJ in WordPress Plugin Modal Popup Box versions = 1.6.1...