CVE-2025-69036 WordPress Tech Life CPT plugin <= 16.4 - PHP Object Injection vulnerability

Deserialization of Untrusted Data vulnerability in strongholdthemes Tech Life CPT techlife-cpt allows Object Injection.This issue affects Tech Life CPT: from n/a through = 16.4...

CVE-2025-69035

CVE-2025-69035 describes a deserialization of untrusted data vulnerability in the WordPress plugin Dental Care CPT (by strongholdthemes) affecting versions up to 20.2. The issue enables PHP Object Injection via deserialization of untrusted data, with the attack surface limited to the plugin’s den...

CVE-2025-69002 WordPress OneLife theme <= 3.9 - PHP Object Injection vulnerability

Deserialization of Untrusted Data vulnerability in designthemes OneLife onelife allows Object Injection.This issue affects OneLife: from n/a through = 3.9...

CVE-2025-68899

CVE-2025-68899 (Vivagh theme, WordPress) Deserialization of untrusted data in designthemes Vivagh, affected up to version 2.4, enables Object Injection. Public sources (NVD/Red Hat/CVE list) confirm the flaw and affected scope but do not provide a confirmed fix or patched version. Related entries...

CVE-2025-68899 WordPress Vivagh theme <= 2.4 - PHP Object Injection vulnerability

Deserialization of Untrusted Data vulnerability in designthemes Vivagh vivagh allows Object Injection.This issue affects Vivagh: from n/a through = 2.4...

CVE-2025-68047 WordPress Eventin plugin <= 4.1.3 - PHP Object Injection vulnerability

Deserialization of Untrusted Data vulnerability in Arraytics Eventin wp-event-solution allows Object Injection.This issue affects Eventin: from n/a through = 4.1.3...

CVE-2025-50004 WordPress JupiterX Core plugin <= 4.10.1 - PHP Object Injection vulnerability

Deserialization of Untrusted Data vulnerability in artbees JupiterX Core jupiterx-core allows Object Injection.This issue affects JupiterX Core: from n/a through = 4.10.1...

WordPress Eventin plugin <= 4.1.3 - PHP Object Injection vulnerability

PHP Object Injection vulnerability discovered by w41bu1 in WordPress Plugin Eventin versions = 4.1.3...

CVE-2026-0726

The Nexter Extension – Site Enhancements Toolkit plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 4.4.6 via deserialization of untrusted input in the 'nxtunserializereplace' function. This makes it possible for unauthenticated attackers to inject a...

CVE-2026-0726

The Nexter Extension – Site Enhancements Toolkit plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 4.4.6 via deserialization of untrusted input in the 'nxtunserializereplace' function. This makes it possible for unauthenticated attackers to inject a...

CVE-2026-0726 Nexter Extension – Site Enhancements Toolkit <= 4.4.6 - Unauthenticated PHP Object Injection via 'nxt_unserialize_replace'

The Nexter Extension – Site Enhancements Toolkit plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 4.4.6 via deserialization of untrusted input in the 'nxtunserializereplace' function. This makes it possible for unauthenticated attackers to inject a...

WordPress plugin Nexter Extension – Site Enhancements Toolkit code issues and vulnerabilities

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. The...

WordPress North theme <= 5.7.5 - PHP Object Injection vulnerability

PHP Object Injection vulnerability discovered by João Pedro S Alcântara Kinorth in WordPress Theme North versions = 5.7.5...

WordPress Vivagh theme <= 2.4 - PHP Object Injection vulnerability

PHP Object Injection vulnerability discovered by Tran Nguyen Bao Khanh VCI - VNPT Cyber Immunity in WordPress Theme Vivagh versions = 2.4...

WordPress Kids Heaven theme <= 3.2 - PHP Object Injection vulnerability

PHP Object Injection vulnerability discovered by Tran Nguyen Bao Khanh VCI - VNPT Cyber Immunity in WordPress Theme Kids Heaven versions = 3.2...

Realworld-for-Application_FUGIO_FirstFrameworkFuzzingDetectPOI

FUGIO Production Guide Introduction FUGIO is the firs...

CVE-2023-4971

The Weaver Xtreme Theme Support WordPress plugin before 6.3.1 unserialises the content of an imported file, which could lead to PHP object injections issues when a high privilege user import a malicious file and a suitable gadget chain is present on the blog...

CVE-2018-10085

CMS Made Simple CMSMS through 2.2.6 allows PHP object injection because of an unserialize call in the getdata function of \lib\classes\internal\class.LoginOperations.php. By sending a crafted cookie, a remote attacker can upload and execute code, or delete files...

CVE-2018-1000059

ValidFormBuilder version 4.5.4 contains a PHP Object Injection vulnerability in Valid Form unserialize method that can result in Possible to execute unauthorised system commands remotely and disclose file contents in file system...

CVE-2016-10753

e107 2.1.2 allows PHP Object Injection with resultant SQL injection, because usersettings.php uses unserialize without an HMAC...