CVE-2017-18583

The post-pay-counter plugin before 2.731 for WordPress has PHP Object Injection...

CVE-2017-18604

The sitebuilder-dynamic-components plugin through 1.0 for WordPress has PHP object injection via an AJAX request...

CVE-2017-18605

The gravitate-qa-tracker plugin through 1.2.1 for WordPress has PHP Object Injection...

CVE-2017-18375

Ampache 3.8.3 allows PHP Object Instantiation via democratic.ajax.php and democratic.class.php...

CVE-2019-20452

A problem was found in Pydio Core before 8.2.4 and Pydio Enterprise before 8.2.4. A PHP object injection is present in the page plugins/core.access/src/RecycleBinManager.php. An authenticated user with basic privileges can inject objects and achieve remote code execution...

CVE-2019-20453

A problem was found in Pydio Core before 8.2.4 and Pydio Enterprise before 8.2.4. A PHP object injection is present in the page plugins/uploader.http/HttpDownload.php. An authenticated user with basic privileges can inject objects and achieve remote code execution...

CVE-2020-12469

admin/blocks.php in Subrion CMS through 4.2.1 allows PHP Object Injection with resultant file deletion via serialized data in the subpages value within a block to blocks/edit...

CVE-2020-24036

PHP object injection in the Ajax endpoint of the backend in ForkCMS below version 5.8.3 allows an authenticated remote user to execute malicious code...

CVE-2023-4402

The Essential Blocks plugin for WordPress is vulnerable to PHP Object Injection in versions up to, and including, 4.2.0 via deserialization of untrusted input in the getproducts function. This allows unauthenticated attackers to inject a PHP Object. No POP chain is present in the vulnerable plugi...

CVE-2023-4386

The Essential Blocks plugin for WordPress is vulnerable to PHP Object Injection in versions up to, and including, 4.2.0 via deserialization of untrusted input in the getposts function. This allows unauthenticated attackers to inject a PHP Object. No POP chain is present in the vulnerable plugin. ...

CVE-2025-67911 WordPress Newsletters plugin <= 4.11 - PHP Object Injection vulnerability

Deserialization of Untrusted Data vulnerability in Tribulant Software Newsletters newsletters-lite allows Object Injection.This issue affects Newsletters: from n/a through = 4.11...

CVE-2025-67911 WordPress Newsletters plugin <= 4.11 - PHP Object Injection vulnerability

Deserialization of Untrusted Data vulnerability in Tribulant Software Newsletters newsletters-lite allows Object Injection.This issue affects Newsletters: from n/a through = 4.11...

CVE-2025-67911

CVE-2025-67911 describes a Deserialization of Untrusted Data vulnerability in the Tribulant Software Newsletters newsletters-lite plugin. The WordPress/newsletters entry states unauthenticated Object Injection via deserialization, affecting Newsletters: from n/a through

CVE-2025-47552 WordPress DZS Video Gallery plugin <= 12.37 - PHP Object Injection Vulnerability

Deserialization of Untrusted Data vulnerability in Digital zoom studio DZS Video Gallery allows Object Injection.This issue affects DZS Video Gallery: from n/a through 12.37...

CVE-2024-2017

The Countdown, Coming Soon, Maintenance – Countdown & Clock plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the conditionsRow and switchCountdown functions in all versions up to, and including, 2.7.8. This makes it possible for authenticated attacker...

CVE-2025-1657

The Directory Listings WordPress plugin – uListing plugin for WordPress is vulnerable to unauthorized modification of data and PHP Object Injection due to a missing capability check on the stmlistingajax AJAX action in all versions up to, and including, 2.2.0. This makes it possible for...

CVE-2024-2018

The WP Activity Log Premium plugin for WordPress is vulnerable to SQL Injection via the entry-roles parameter in all versions up to, and including, 4.6.4 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possibl...

CVE-2024-2694

The Betheme theme for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 27.5.6 via deserialization of untrusted input of the 'mfn-page-items' post meta value. This makes it possible for authenticated attackers, with contributor-level access and above, to inject...

CVE-2024-2290

The Advanced Ads plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.52.1 via deserialization of untrusted input in the 'placementslug' parameter. This makes it possible for authenticated attackers to inject a PHP Object. No POP chain is present in t...

CVE-2024-2025

The "BuddyPress WooCommerce My Account Integration. Create WooCommerce Member Pages" plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 3.4.20 via deserialization of untrusted input in the getsimplerequest function. This makes it possible for...