CVE-2025-34292 BeWelcome/Rox PHP Object Injection RCE

Rox, the software running BeWelcome, contains a PHP object injection vulnerability resulting from deserialization of untrusted data. User-controlled input is passed to PHP's unserialize: the POST parameter formkitmemoryrecovery in \RoxPostHandler::getCallbackAction and the 'memory cookie' read by...

CVE-2025-62025 WordPress JobSearch plugin < 3.0.8 - PHP Object Injection vulnerability

Deserialization of Untrusted Data vulnerability in eyecix JobSearch wp-jobsearch.This issue affects JobSearch: from n/a through 3.0.8...

CVE-2025-62025

CVE-2025-62025 is a PHP Object Injection vulnerability affecting the WordPress plugin JobSearch WP Job Board (versions earlier than 3.0.8). The connected sources identify an unauthenticated PHP Object Injection in JobSearch

CVE-2025-62008 WordPress Product Table For WooCommerce plugin <= 1.2.4 - PHP Object Injection vulnerability

Deserialization of Untrusted Data vulnerability in acowebs Product Table For WooCommerce product-table-for-woocommerce.This issue affects Product Table For WooCommerce: from n/a through = 1.2.4...

CVE-2025-60238

CVE-2025-60238 describes a deserialization of untrusted data vulnerability in the WordPress plugin UNIVERSAM (universam-demo) affecting versions from n/a through

CVE-2025-60228 WordPress Knowledge Base theme <= 2.9 - PHP Object Injection vulnerability

Deserialization of Untrusted Data vulnerability in designthemes Knowledge Base kbase allows Object Injection.This issue affects Knowledge Base: from n/a through = 2.9...

CVE-2025-60234

CVE-2025-60234 concerns the WordPress Single Property theme (versions

CVE-2025-60225

CVE-2025-60225 is a deserialization-of-untrusted-data vulnerability affecting WordPress BugsPatrol theme (≤ 1.5.0). The issue is a PHP Object Injection flaw in BugsPatrol’s deserialization path, as reported across multiple trusted sources. The available connected documents confirm the affected pr...

CVE-2025-60216 WordPress Addison theme < 1.4.8 - PHP Object Injection vulnerability

Deserialization of Untrusted Data vulnerability in BoldThemes Addison addison allows Object Injection.This issue affects Addison: from n/a through 1.4.8...

CVE-2025-60214

CVE-2025-60214: A Deserialization of Untrusted Data vulnerability in the WordPress Goldenblatt theme (Goldenblatt) up to version 1.2.1 allows PHP Object Injection. The issue affects Goldenblatt versions n/a—

CVE-2025-60214 WordPress Goldenblatt theme < 1.3.0 - PHP Object Injection vulnerability

Deserialization of Untrusted Data vulnerability in BoldThemes Goldenblatt goldenblatt allows Object Injection.This issue affects Goldenblatt: from n/a through 1.3.0...

CVE-2025-60212 WordPress VEDA Theme <= 4.2 - PHP Object Injection Vulnerability

Deserialization of Untrusted Data vulnerability in designthemes VEDA veda allows Object Injection.This issue affects VEDA: from n/a through = 4.2...

CVE-2025-52740 WordPress Boldermail Plugin <= 2.4.0 - PHP Object Injection Vulnerability

Deserialization of Untrusted Data vulnerability in Hernan Villanueva Boldermail boldermail allows Object Injection.This issue affects Boldermail: from n/a through = 2.4.0...

CVE-2025-52737 WordPress WP Store Locator plugin <= 2.2.260 - PHP Object Injection vulnerability

Deserialization of Untrusted Data vulnerability in Tijmen Smit WP Store Locator wp-store-locator allows Object Injection.This issue affects WP Store Locator: from n/a through = 2.2.260...

CVE-2025-49380 WordPress WooCommerce Vehicle Parts Finder plugin <= 3.7 - PHP Object Injection vulnerability

Deserialization of Untrusted Data vulnerability in wpinstinct WooCommerce Vehicle Parts Finder woo-vehicle-parts-finder allows Object Injection.This issue affects WooCommerce Vehicle Parts Finder: from n/a through = 3.7...

CVE-2025-49380 WordPress WooCommerce Vehicle Parts Finder plugin <= 3.7 - PHP Object Injection vulnerability

Deserialization of Untrusted Data vulnerability in wpinstinct WooCommerce Vehicle Parts Finder woo-vehicle-parts-finder allows Object Injection.This issue affects WooCommerce Vehicle Parts Finder: from n/a through = 3.7...

CVE-2025-32283 WordPress Solar Energy theme <= 3.5 - PHP Object Injection Vulnerability

Deserialization of Untrusted Data vulnerability in designthemes Solar Energy solar allows Object Injection.This issue affects Solar Energy: from n/a through = 3.5...

CVE-2025-32283 WordPress Solar Energy theme <= 3.5 - PHP Object Injection Vulnerability

Deserialization of Untrusted Data vulnerability in designthemes Solar Energy solar allows Object Injection.This issue affects Solar Energy: from n/a through = 3.5...

WordPress Codiqa theme < 1.2.8 - PHP Object Injection vulnerability

PHP Object Injection vulnerability discovered by Bonds in WordPress Theme Codiqa versions 1.2.8...

CVE-2017-20207

The Flickr Gallery plugin for WordPress is vulnerable to PHP Object Injection in versions up to, and including, 1.5.2 via deserialization of untrusted input from the pager parameter. This allows unauthenticated attackers to inject a PHP Object. Attackers were actively exploiting this vulnerabilit...