CVE-2025-49401

CVE-2025-49401 affects the WordPress Quiz And Survey Master plugin (versions up to 10.2.5). The issue is a PHP object-injection vulnerability caused by deserialization of untrusted data in ExpressTech Systems Quiz And Survey Master, enabling potential arbitrary object injection. Exploitation deta...

CVE-2025-58839 WordPress eDS Responsive Menu Plugin <= 1.2 - PHP Object Injection Vulnerability

Deserialization of Untrusted Data vulnerability in aThemeArt Translations eDS Responsive Menu eds-responsive-menu allows Object Injection.This issue affects eDS Responsive Menu: from n/a through = 1.2...

WordPress eDS Responsive Menu Plugin <= 1.2 - PHP Object Injection Vulnerability

PHP Object Injection Vulnerability discovered by Drew / mcdruid in WordPress Plugin eDS Responsive Menu versions = 1.2...

WordPress Zuut theme <= 1.4.2 - PHP Object Injection vulnerability

PHP Object Injection vulnerability discovered by Tran Nguyen Bao Khanh VCI - VNPT Cyber Immunity in WordPress Theme Zuut versions = 1.4.2...

WordPress The Barber Shop theme <= 1.9 - PHP Object Injection vulnerability

PHP Object Injection vulnerability discovered by Tran Nguyen Bao Khanh VCI - VNPT Cyber Immunity in WordPress Theme The Barber Shop versions = 1.9...

WordPress Single Property theme <= 2.8 - PHP Object Injection vulnerability

PHP Object Injection vulnerability discovered by Tran Nguyen Bao Khanh VCI - VNPT Cyber Immunity in WordPress Theme Single Property versions = 2.8...

WordPress Knowledge Base theme <= 2.9 - PHP Object Injection vulnerability

PHP Object Injection vulnerability discovered by Tran Nguyen Bao Khanh VCI - VNPT Cyber Immunity in WordPress Theme Knowledge Base versions = 2.9...

WordPress LTL Freight Quotes - TQL Edition Plugin <= 1.2.6 - PHP Object Injection Vulnerability

WordPress LTL Freight Quotes - TQL Edition Plugin = 1.2.6 - PHP Object Injection Vulnerability discovered by mcdruid in WordPress Plugin LTL Freight Quotes - TQL Edition versions = 1.2.6...

WordPress LTL Freight Quotes – Daylight Edition Plugin <= 2.2.7 - PHP Object Injection Vulnerability

PHP Object Injection Vulnerability discovered by mcdruid in WordPress Plugin LTL Freight Quotes – Daylight Edition versions = 2.2.7...

WordPress LTL Freight Quotes – Day & Ross Edition Plugin <= 2.1.11 - PHP Object Injection Vulnerability

PHP Object Injection Vulnerability discovered by mcdruid in WordPress Plugin LTL Freight Quotes – Day & Ross Edition versions = 2.1.11...

CVE-2025-58644

CVE-2025-58644 describes a PHP Object Injection in the WordPress plugin LTL Freight Quotes – TQL Edition (

CVE-2025-58642 WordPress LTL Freight Quotes – Day & Ross Edition Plugin <= 2.1.11 - PHP Object Injection Vulnerability

Deserialization of Untrusted Data vulnerability in enituretechnology LTL Freight Quotes – Day & Ross Edition ltl-freight-quotes-day-ross-edition allows Object Injection.This issue affects LTL Freight Quotes – Day & Ross Edition: from n/a through = 2.1.11...

WordPress Quiz And Survey Master Plugin <= 10.2.5 - PHP Object Injection Vulnerability

PHP Object Injection Vulnerability discovered by Phat RiO - BlueRock in WordPress Plugin Quiz And Survey Master versions = 10.2.5...

WordPress plugin Fluent Forms 代码问题漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A code issue vulnerability...

CVE-2025-9260 Fluent Forms – Customizable Contact Forms, Survey, Quiz, & Conversational Form Builder 5.1.16 - 6.1.1 - Authenticated (Subscriber+) PHP Object Injection To Arbitrary File Read

The Fluent Forms – Customizable Contact Forms, Survey, Quiz, & Conversational Form Builder plugin for WordPress is vulnerable to PHP Object Injection in versions 5.1.16 to 6.1.1 via deserialization of untrusted input in the parseUserProperties function. This makes it possible for authenticated...

WordPress FluentForm plugin 5.1.16-6.1.1 - Authenticated (Subscriber+) PHP Object Injection To Arbitrary File Read

Authenticated Subscriber+ PHP Object Injection To Arbitrary File Read vulnerability discovered by Webbernaut in WordPress Plugin FluentForm versions 5.1.16-6.1.1...

WordPress Client Invoicing by Sprout Invoices plugin <= 20.8.7 - PHP Object Injection vulnerability

PHP Object Injection vulnerability discovered by mcdruid in WordPress Plugin Client Invoicing by Sprout Invoices versions = 20.8.7...

PT-2025-35641

Name of the Vulnerable Software and Affected Versions: Fluent Forms – Customizable Contact Forms, Survey, Quiz, & Conversational Form Builder plugin for WordPress versions 5.1.16 through 6.1.1 Description: The plugin is susceptible to PHP Object Injection due to deserialization of untrusted input...

CVE-2025-43960

Adminer 4.8.1, when using Monolog for logging, allows a Denial of Service memory consumption via a crafted serialized payload e.g., using s:1000000000, leading to a PHP Object Injection issue. Remote, unauthenticated attackers can trigger this by sending a malicious serialized object, which force...

CVE-2025-54731 WordPress YouTube Showcase Plugin <= 3.5.1 - PHP Object Injection Vulnerability

Improper Control of Generation of Code 'Code Injection' vulnerability in emarket-design YouTube Showcase youtube-showcase allows Object Injection.This issue affects YouTube Showcase: from n/a through = 3.5.1...