WordPress AI Power: Complete AI Pack plugin <= 1.8.96 - Authenticated (Admin+) PHP Object Injection via wpaicg_export_prompts vulnerability

Authenticated Admin+ PHP Object Injection via wpaicgexportprompts vulnerability discovered by Tran Anh Duc in WordPress Plugin GPT3 AI Content Writer versions = 1.8.96...

WordPress Tech Life CPT plugin <= 16.4 - PHP Object Injection vulnerability

PHP Object Injection vulnerability discovered by Phat RiO - BlueRock in WordPress Plugin Tech Life CPT versions = 16.4...

WordPress Dental Care CPT plugin <= 20.2 - PHP Object Injection vulnerability

PHP Object Injection vulnerability discovered by Phat RiO - BlueRock in WordPress Plugin Dental Care CPT versions = 20.2...

CVE-2025-68038 WordPress Icegram Express Pro plugin < 5.9.14 - PHP Object Injection vulnerability

Deserialization of Untrusted Data vulnerability in Icegram Icegram Express Pro email-subscribers-premium allows Object Injection.This issue affects Icegram Express Pro: from n/a through 5.9.14...

CVE-2025-14071

The Live Composer – Free WordPress Website Builder plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 2.0.2 via deserialization of untrusted input in the dslcmodulepostsoutput shortcode. This makes it possible for authenticated attackers, with...

EUVD-2025-204649

The Live Composer – Free WordPress Website Builder plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 2.0.2 via deserialization of untrusted input in the dslcmodulepostsoutput shortcode. This makes it possible for authenticated attackers, with...

CVE-2025-14071

The Live Composer – Free WordPress Website Builder plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 2.0.2 via deserialization of untrusted input in the dslcmodulepostsoutput shortcode. This makes it possible for authenticated attackers, with...

CVE-2025-14071 Live Composer – Free WordPress Website Builder <= 2.0.2 - Authenticated (Contributor+) PHP Object Injection via dslc_module_posts_output Shortcode

The Live Composer – Free WordPress Website Builder plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 2.0.2 via deserialization of untrusted input in the dslcmodulepostsoutput shortcode. This makes it possible for authenticated attackers, with...

CVE-2025-14071 Live Composer – Free WordPress Website Builder <= 2.0.2 - Authenticated (Contributor+) PHP Object Injection via dslc_module_posts_output Shortcode

The Live Composer – Free WordPress Website Builder plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 2.0.2 via deserialization of untrusted input in the dslcmodulepostsoutput shortcode. This makes it possible for authenticated attackers, with...

CVE-2025-14071

The CVE-2025-14071 entry concerns the Live Composer – Free WordPress Website Builder plugin for WordPress. Affected: all versions up to and including 2.0.2, via deserialization of untrusted input in the dslc_module_posts_output shortcode, enabling PHP Object Injection. Exploitation requires authe...

PT-2025-52575

Name of the Vulnerable Software and Affected Versions Live Composer – Free WordPress Website Builder plugin versions prior to 2.0.3 Description The Live Composer – Free WordPress Website Builder plugin for WordPress is susceptible to PHP Object Injection due to deserialization of untrusted input...

CVE-2025-65035

pluginsGLPI's Database Inventory Plugin "manages" the Teclib' inventory agents in order to perform an inventory of the databases present on the workstation. Prior to version 1.1.2, in certain conditions database write access must first be obtained through another vulnerability or misconfiguration...

EUVD-2025-204565

pluginsGLPI's Database Inventory Plugin "manages" the Teclib' inventory agents in order to perform an inventory of the databases present on the workstation. Prior to version 1.1.2, in certain conditions database write access must first be obtained through another vulnerability or misconfiguration...

CVE-2025-64266 WordPress Booking and Rental Manager plugin <= 2.5.4 - PHP Object Injection vulnerability

Deserialization of Untrusted Data vulnerability in magepeopleteam Booking and Rental Manager booking-and-rental-manager-for-woocommerce allows Object Injection.This issue affects Booking and Rental Manager: from n/a through = 2.5.4...

CVE-2025-60180

CVE-2025-60180 concerns a deserialization of untrusted data vulnerability in the WordPress plugin WP Gravity Forms Salesforce gf-salesforce-crmperks . The issue affects WP Gravity Forms Salesforce versions up to 1.5.1 and is described as PHP Object Injection caused by deserializing untrusted inpu...

CVE-2025-60080 WordPress PDF for Gravity Forms + Drag And Drop Template Builder plugin <= 6.5.0 - PHP Object Injection vulnerability

Deserialization of Untrusted Data vulnerability in add-ons.org PDF for Gravity Forms + Drag And Drop Template Builder pdf-for-gravity-forms allows Object Injection.This issue affects PDF for Gravity Forms + Drag And Drop Template Builder: from n/a through = 6.5.0...

PT-2025-52346

Name of the Vulnerable Software and Affected Versions to3k Twittodon versions prior to commit b1c58a7d1dc664b38deb486ca290779621342c0b Description An insecure deserialization issue exists in the download.php script of the to3k Twittodon application. The obj parameter accepts base64-encoded data...

CVE-2025-14476

The Doubly – Cross Domain Copy Paste for WordPress plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.0.46 via deserialization of untrusted input from the content.txt file within uploaded ZIP archives. This makes it possible for authenticated...

CVE-2025-14476

The Doubly – Cross Domain Copy Paste for WordPress plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.0.46 via deserialization of untrusted input from the content.txt file within uploaded ZIP archives. This makes it possible for authenticated...

CVE-2025-14476

CVE-2025-14476 concerns the WordPress plugin “Doubly – Cross Domain Copy Paste.” According to Wordfence, versions up to and including 1.0.46 are vulnerable to PHP Object Injection via deserialization of untrusted input from content.txt inside uploaded ZIP archives. The issue is exploitable by aut...