CVE-2025-7825 Schema Plugin For Divi, Gutenberg & Shortcodes <= 4.3.2 - Authenticated (Contributor+) Object Instantiation

The Schema Plugin For Divi, Gutenberg & Shortcodes plugin for WordPress is vulnerable to Object Instantiation in all versions up to, and including, 4.3.2 via deserialization of untrusted input via the wptschemabreadcrumbs shortcode. This makes it possible for authenticated attackers, with...

WordPress WooCommerce Vehicle Parts Finder plugin <= 3.7 - PHP Object Injection vulnerability

PHP Object Injection vulnerability discovered by Aiden in WordPress Plugin WooCommerce Vehicle Parts Finder versions = 3.7...

WordPress Icegram Express Pro plugin < 5.9.14 - PHP Object Injection vulnerability

PHP Object Injection vulnerability discovered by theviper17 in WordPress Plugin Icegram Express Pro versions 5.9.14...

WordPress DentiCare Theme < 1.4.3 - PHP Object Injection Vulnerability

PHP Object Injection Vulnerability discovered by Bonds Patchstack Alliance in WordPress Theme DentiCare versions 1.4.3...

WordPress Goldenblatt theme < 1.3.0 - PHP Object Injection vulnerability

PHP Object Injection vulnerability discovered by Bonds in WordPress Theme Goldenblatt versions 1.3.0...

WordPress DentiCare Theme < 1.4.3 is vulnerable to PHP Object Injection

Software DentiCare Type Theme Vulnerable versions 1.4.3 Fixed in 1.4.3 OWASP Top 10 A3: Injection Classification PHP Object Injection CVE CVE-2025-54723 Patch priority High CVSS severity High 9.8 Developer Claim ownership PSID c2cef3d0d976 Credits Bonds Required privilege Unauthenticated Publishe...

WordPress GSheets Connector Plugin <= 1.1.1 - PHP Object Injection Vulnerability

PHP Object Injection Vulnerability discovered by Drew / mcdruid in WordPress Plugin GSheets Connector versions = 1.1.1...

WordPress ConveyThis plugin <= 269.1 - PHP Object Injection vulnerability

PHP Object Injection vulnerability discovered by mcdruid in WordPress Plugin ConveyThis versions = 269.1...

CVE-2025-53465

CVE-2025-53465 describes a deserialization of untrusted data vulnerability in the raoinfotech GSheets Connector. This allows Object Injection and affects the GSheets Connector versions from n/a through 1.1.1. The CVSS 3.1 base score is 7.2 (High) with network attack vector, low attack complexity,...

CVE-2025-53465 WordPress GSheets Connector Plugin <= 1.1.1 - PHP Object Injection Vulnerability

Deserialization of Untrusted Data vulnerability in raoinfotech GSheets Connector sheetlink allows Object Injection.This issue affects GSheets Connector: from n/a through = 1.1.1...

CVE-2025-9083

The Ninja Forms WordPress plugin before 3.11.1 unserializes user input via form field, which could allow Unauthenticated users to perform PHP Object Injection when a suitable gadget is present on the blog...

CVE-2025-9083 Ninja-forms < 3.11.1 - Unauthenticated PHP Objection

The Ninja Forms WordPress plugin before 3.11.1 unserializes user input via form field, which could allow Unauthenticated users to perform PHP Object Injection when a suitable gadget is present on the blog...

CVE-2025-9083

CVE-2025-9083 affects Ninja Forms for WordPress (pre-3.11.1). The vulnerability arises from unserializing user input in a form field, enabling unauthenticated PHP Object Injection when a suitable gadget exists on the blog. Remediation: upgrade Ninja Forms to version 3.11.1 or later (patched in so...

PT-2025-38301

Name of the Vulnerable Software and Affected Versions Ninja Forms WordPress plugin versions prior to 3.11.1 Description The Ninja Forms WordPress plugin is susceptible to PHP Object Injection due to the unserialization of user-supplied data through form fields. This allows unauthenticated users t...

WordPress Falang multilanguage Plugin <= 1.3.65 - PHP Object Injection Vulnerability

PHP Object Injection Vulnerability discovered by Nguyen Xuan Chien in WordPress Plugin Falang multilanguage versions = 1.3.65...

WordPress Ninja-forms plugin < 3.11.1 - Unauthenticated PHP Object Injection vulnerability

Unauthenticated PHP Object Injection vulnerability discovered by wcraft in WordPress Plugin Ninja Forms versions 3.11.1...

CVE-2025-53303 WordPress ThemeMove Core Plugin <= 1.4.2 - PHP Object Injection Vulnerability

Deserialization of Untrusted Data vulnerability in ThemeMove ThemeMove Core thememove-core allows Object Injection.This issue affects ThemeMove Core: from n/a through = 1.4.2...

CVE-2025-48101 WordPress Constant Contact for WordPress Plugin <= 4.1.1 - PHP Object Injection Vulnerability

Deserialization of Untrusted Data vulnerability in webdevstudios Constant Contact for WordPress allows Object Injection. This issue affects Constant Contact for WordPress: from n/a through 4.1.1...

CVE-2025-47579 WordPress Photography Theme <= 7.7.2 - PHP Object Injection Vulnerability

Deserialization of Untrusted Data vulnerability in ThemeGoods Photography photography allows Object Injection.This issue affects Photography: from n/a through = 7.7.2...

WordPress Scape theme <= 1.5.13 - PHP Object Injection vulnerability

PHP Object Injection vulnerability discovered by Aiden in WordPress Theme Scape versions = 1.5.13...