CVE-2026-1235

The WP eCommerce WordPress plugin through 3.15.1 unserializes user input via ajax actions, which could allow unauthenticated users to perform PHP Object Injection when a suitable gadget is present on the blog...

CVE-2026-1235

The vulnerability CVE-2026-1235 affects the WP eCommerce WordPress plugin (up to version 3.15.1). It arises from unserializing user input via ajax actions, enabling PHP Object Injection when a suitable gadget is present on the blog. Impact is unauthenticated access to trigger the issue; exploitat...

CVE-2026-1235 WP eCommerce <= 3.15.1 - Unauthenticated PHP Object Injection

The WP eCommerce WordPress plugin through 3.15.1 unserializes user input via ajax actions, which could allow unauthenticated users to perform PHP Object Injection when a suitable gadget is present on the blog...

CVE-2026-1235 WP eCommerce <= 3.15.1 - Unauthenticated PHP Object Injection

The WP eCommerce WordPress plugin through 3.15.1 unserializes user input via ajax actions, which could allow unauthenticated users to perform PHP Object Injection when a suitable gadget is present on the blog...

WordPress plugin WP eCommerce 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. There is...

WordPress plugin wpForo Forum 代码问题漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. There is...

WordPress Travelicious theme < 1.6.7 - PHP Object Injection vulnerability

PHP Object Injection vulnerability discovered by João Pedro S Alcântara Kinorth in WordPress Theme Travelicious versions 1.6.7...

WordPress Nestin theme < 1.2.6 - PHP Object Injection vulnerability

PHP Object Injection vulnerability discovered by João Pedro S Alcântara Kinorth in WordPress Theme Nestin versions 1.2.6...

WordPress PatioTime theme < 2.1 - PHP Object Injection vulnerability

PHP Object Injection vulnerability discovered by João Pedro S Alcântara Kinorth in WordPress Theme PatioTime versions 2.1...

WordPress Booking and Rental Manager plugin <= 2.5.9 - PHP Object Injection vulnerability

PHP Object Injection vulnerability discovered by Phat RiO - BlueRock in WordPress Plugin Booking and Rental Manager versions = 2.5.9...

WordPress Contact Manager plugin <= 9.1.1 - PHP Object Injection vulnerability

PHP Object Injection vulnerability discovered by Skalucy in WordPress Plugin Contact Manager versions = 9.1.1...

UNA CMS <= 14.0.0-RC4 - PHP Object Injection

The vulnerability is located in the /template/scripts/BxBaseMenuSetAclLevel.php script. Specifically, within the BxBaseMenuSetAclLevel::getCode method. When calling this method, user input passed through the "profileid" POST parameter is not properly sanitized before being used in a call to the...

📄 Blesta 5.13.1 Admin Interface PHP Object Injection

Blesta versions 3.0.0 through 5.13.1 suffer from an administrative interface PHP object injection vulnerability. The vulnerabilities exist because user input passed through the vars and orderinfo POST parameters when dispatching the /app/controllers/adminclients.php script, and through the...

VulnCheck KEV: CVE-2024-12877

The GiveWP – Donation Plugin and Fundraising Platform plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 3.19.2 via deserialization of untrusted input from the donation form like 'firstName'. This makes it possible for unauthenticated attackers to...

WordPress Ultimate Store Kit Elementor Addons, Woocommerce Builder, EDD Builder, Elementor Store Builder, Product Grid, Product Table, Woocommerce Slider plugin <= 1.6.4 - Unauthenticated PHP Object Injection vulnerability

Unauthenticated PHP Object Injection vulnerability discovered by Peter Thaleikis in WordPress Plugin Ultimate Store Kit Elementor Addons versions = 1.6.4...

VulnCheck KEV: CVE-2024-2053

The Artica Proxy administrative web application will deserialize arbitrary PHP objects supplied by unauthenticated users and subsequently enable code execution as the "www-data" user. This issue was demonstrated on version 4.50 of the The Artica-Proxy administrative web application attempts to...

WordPress ModelTheme Addons for WPBakery and Elementor plugin < 1.5.6 - PHP Object Injection vulnerability

PHP Object Injection vulnerability discovered by Phat RiO - BlueRock in WordPress Plugin ModelTheme Addons for WPBakery and Elementor versions 1.5.6...

WordPress PeakShops theme <= 1.5.9 - PHP Object Injection vulnerability

PHP Object Injection vulnerability discovered by João Pedro S Alcântara Kinorth in WordPress Theme PeakShops versions = 1.5.9...

CVE-2025-69099 WordPress North theme <= 5.7.5 - PHP Object Injection vulnerability

Deserialization of Untrusted Data vulnerability in fuelthemes North north-wp allows Object Injection.This issue affects North: from n/a through = 5.7.5...

CVE-2025-69099

CVE-2025-69099 describes a Deserialization of Untrusted Data vulnerability in the WordPress theme North (North North WP). Affected product: North: north-wp, versions from n/a through and including 5.7.5. Root cause: PHP object deserialization leading to Object Injection. Impact: as per CVSS 3.1/3...