3584 matches found
CVE-2025-43960
Adminer 4.8.1, when using Monolog for logging, allows a Denial of Service (memory consumption) via a crafted serialized payload (e.g., using s:1000000000), leading to a PHP Object Injection issue. Remote, unauthenticated attackers can trigger this by sending a malicious serialized object, which force...
CVE-2025-54731 WordPress YouTube Showcase Plugin <= 3.5.1 - PHP Object Injection Vulnerability
Improper Control of Generation of Code ('Code Injection') vulnerability in emarket-design YouTube Showcase youtube-showcase allows Object Injection. This issue affects YouTube Showcase: from n/a through <= 3.5.1...
CVE-2025-53584
CVE-2025-53584 affects the WordPress plugin WP Ticket Customer Service Software & Support Ticket System (versions up to 6.0.2). The issue is a PHP Object Injection caused by deserialization of untrusted data. CVSS v3.1 base score 8.1 (High) with network attack vector and no user interaction. Word...
CVE-2025-53584 WordPress WP Ticket Customer Service Software & Support Ticket System Plugin <= 6.0.2 - PHP Object Injection Vulnerability
Deserialization of Untrusted Data vulnerability in emarket-design WP Ticket Customer Service Software & Support Ticket System allows Object Injection. This issue affects WP Ticket Customer Service Software & Support Ticket System: from n/a through 6.0.2...
CVE-2025-53583 WordPress Employee Spotlight Plugin <= 5.1.1 - PHP Object Injection Vulnerability
Deserialization of Untrusted Data vulnerability in emarket-design Employee Spotlight employee-spotlight allows Object Injection. This issue affects Employee Spotlight: from n/a through <= 5.1.1...
CVE-2025-53243 WordPress Employee Directory – Staff Listing & Team Directory Plugin for WordPress Plugin <= 4.5.3 - PHP Object Injection Vulnerability
Deserialization of Untrusted Data vulnerability in emarket-design Employee Directory – Staff Listing & Team Directory Plugin for WordPress allows Object Injection. This issue affects Employee Directory – Staff Listing & Team Directory Plugin for WordPress: from n/a through 4.5.3...
WordPress Small Package Quotes – USPS Edition Plugin <= 1.3.9 - PHP Object Injection Vulnerability
PHP Object Injection Vulnerability discovered by Drew / mcdruid in WordPress Plugin Small Package Quotes – USPS Edition versions <= 1.3.9...
WordPress ThemeREX Addons plugin <= 2.36.1.1 - PHP Object Injection vulnerability
PHP Object Injection vulnerability discovered by Bonds in WordPress Plugin ThemeREX Addons versions <= 2.36.1.1...
SUSE CVE-2025-43960
Adminer 4.8.1, when using Monolog for logging, allows a Denial of Service (memory consumption) via a crafted serialized payload (e.g., using s:1000000000), leading to a PHP Object Injection issue. Remote, unauthenticated attackers can trigger this by sending a malicious serialized object, which force...
WordPress Cars4Rent Theme <= 1.4.2 - PHP Object Injection Vulnerability
PHP Object Injection Vulnerability discovered by Tran Nguyen Bao Khanh VCI - VNPT Cyber Immunity in WordPress Theme Cars4Rent versions <= 1.4.2...
WordPress Rozario Theme <= 1.4 - PHP Object Injection Vulnerability
PHP Object Injection Vulnerability discovered by Tran Nguyen Bao Khanh VCI - VNPT Cyber Immunity in WordPress Theme Rozario versions <= 1.4...
WordPress The Restaurant Theme <= 1.4.1 is vulnerable to PHP Object Injection
Software: The Restaurant; Type: Theme; Vulnerable versions: <= 1.4.1; Fixed in: N/A; OWASP Top 10: A3: Injection; Classification: PHP Object Injection; CVE: CVE-2025-31927; Patch priority: High; CVSS severity: High (9.8); Developer: Claim ownership; PSID: b3568a9880cd; Credits: Tran Nguyen Bao Khanh VCI - VNPT Cyber...
WordPress Cars4Rent Theme <= 1.4.2 is vulnerable to PHP Object Injection
Software: Cars4Rent; Type: Theme; Vulnerable versions: <= 1.4.2; Fixed in: N/A; OWASP Top 10: A3: Injection; Classification: PHP Object Injection; CVE: CVE-2025-49434; Patch priority: High; CVSS severity: High (9.8); Developer: Claim ownership; PSID: 74545c19b3cf; Credits: Tran Nguyen Bao Khanh VCI - VNPT Cyber Immunity...
WordPress Rozario Theme <= 1.4 is vulnerable to PHP Object Injection
Software: Rozario; Type: Theme; Vulnerable versions: <= 1.4; Fixed in: N/A; OWASP Top 10: A3: Injection; Classification: PHP Object Injection; CVE: CVE-2025-31927; Patch priority: High; CVSS severity: High (9.8); Developer: Claim ownership; PSID: 49288bc6ac10; Credits: Tran Nguyen Bao Khanh VCI - VNPT Cyber Immunity...
WordPress WP Easy Contact Plugin <= 4.0.1 - PHP Object Injection Vulnerability
PHP Object Injection Vulnerability discovered by astra.r3verii in WordPress Plugin WP Easy Contact versions <= 4.0.1...
WordPress WP Ticket Customer Service Software & Support Ticket System Plugin <= 6.0.2 - PHP Object Injection Vulnerability
PHP Object Injection Vulnerability discovered by astra.r3verii in WordPress Plugin WP Ticket Customer Service Software & Support Ticket System versions <= 6.0.2...
WordPress Employee Spotlight Plugin <= 5.1.1 - PHP Object Injection Vulnerability
PHP Object Injection Vulnerability discovered by astra.r3verii in WordPress Plugin Employee Spotlight versions <= 5.1.1...
WordPress YouTube Showcase Plugin <= 3.5.1 - PHP Object Injection Vulnerability
PHP Object Injection Vulnerability discovered by astra.r3verii in WordPress Plugin YouTube Showcase versions <= 3.5.1...