WordPress Hillter Theme <= 3.0.7 is vulnerable to PHP Object Injection

Software Hillter Type Theme Vulnerable versions = 3.0.7 Fixed in N/A OWASP Top 10 A3: Injection Classification PHP Object Injection CVE CVE-2025-24777 Patch priority High CVSS severity High 8.8 Developer Claim ownership PSID 8e030521d3a0 Credits Bonds Required privilege Subscriber Published 8 Jul...

WordPress Yogi Theme <= 2.9.0 is vulnerable to PHP Object Injection

Software Yogi Type Theme Vulnerable versions = 2.9.0 Fixed in N/A OWASP Top 10 A3: Injection Classification PHP Object Injection CVE CVE-2025-24779 Patch priority High CVSS severity High 8.8 Developer Claim ownership PSID 10b2a1712298 Credits Bonds Required privilege Subscriber Published 8 July,...

WordPress Noisa Theme <= 2.6.0 is vulnerable to PHP Object Injection

Software Noisa Type Theme Vulnerable versions = 2.6.0 Fixed in 2.6.2 OWASP Top 10 A3: Injection Classification PHP Object Injection CVE CVE-2025-53560 Patch priority High CVSS severity High 8.8 Developer Claim ownership PSID 60e4fbd75f25 Credits Bonds Required privilege Subscriber Published 8 Jul...

WordPress Site Chat on Telegram plugin <= 1.0.4 - PHP Object Injection Vulnerability

PHP Object Injection Vulnerability discovered by Drew / mcdruid in WordPress Plugin Site Chat on Telegram versions = 1.0.4...

WordPress CoSchool LMS plugin <= 1.4.3 - PHP Object Injection Vulnerability

PHP Object Injection Vulnerability discovered by Drew / mcdruid in WordPress Plugin CoSchool LMS versions = 1.4.3...

WordPress Subscribe to Download plugin <= 2.0.9 - PHP Object Injection vulnerability

PHP Object Injection vulnerability discovered by João Pedro S Alcântara Kinorth in WordPress Plugin Subscribe to Download versions = 2.0.9...

CVE-2025-52828 WordPress Red Art theme <= 3.8 - PHP Object Injection Vulnerability

Deserialization of Untrusted Data vulnerability in designthemes Red Art redart allows Object Injection.This issue affects Red Art: from n/a through = 3.8...

CVE-2025-52828 WordPress Red Art theme <= 3.8 - PHP Object Injection Vulnerability

Deserialization of Untrusted Data vulnerability in designthemes Red Art redart allows Object Injection.This issue affects Red Art: from n/a through = 3.8...

CVE-2025-52828

CVE-2025-52828 describes a Deserialization of Untrusted Data vulnerability in the WordPress theme designthemes Red Art, enabling PHP Object Injection. Affected: Red Art versions up to 3.7 (and potentially &lt;=3.8 per Patchstack reference). Root cause: deserializing untrusted data within the them...

CVE-2024-13786

The education theme for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 3.6.10 via deserialization of untrusted input in the 'themerexcallbackviewmoreposts' function. This makes it possible for unauthenticated attackers to inject a PHP Object. No known POP...

CVE-2025-6464

The Forminator Forms – Contact Form, Payment Form & Custom Form Builder plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.44.2 via deserialization of untrusted input in the 'entrydeleteuploadfiles' function. This makes it possible for unauthenticat...

WordPress Forminator Plugin < 1.44.3 Multiple Vulnerabilities

The WordPress plugin SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:incsub:forminator"; ifdescription...

WordPress Education Center theme <= 3.6.10 - PHP Object Injection vulnerability

PHP Object Injection vulnerability discovered by Lucio Sá in WordPress Theme Education Center versions = 3.6.10...

CVE-2024-13786

The education theme for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 3.6.10 via deserialization of untrusted input in the 'themerexcallbackviewmoreposts' function. This makes it possible for unauthenticated attackers to inject a PHP Object. No known POP...

CVE-2024-13786 Education Center | LMS & Online Courses WordPress Theme <= 3.6.10 - PHP Object Injection

The education theme for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 3.6.10 via deserialization of untrusted input in the 'themerexcallbackviewmoreposts' function. This makes it possible for unauthenticated attackers to inject a PHP Object. No known POP...

CVE-2024-13786 Education Center | LMS & Online Courses WordPress Theme <= 3.6.10 - PHP Object Injection

The education theme for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 3.6.10 via deserialization of untrusted input in the 'themerexcallbackviewmoreposts' function. This makes it possible for unauthenticated attackers to inject a PHP Object. No known POP...

CVE-2024-13786

CVE-2024-13786 affects the WordPress Education Center theme (

CVE-2025-6464

The Forminator Forms – Contact Form, Payment Form & Custom Form Builder plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.44.2 via deserialization of untrusted input in the 'entrydeleteuploadfiles' function. This makes it possible for unauthenticat...

CVE-2025-6464

The Forminator Forms – Contact Form, Payment Form & Custom Form Builder plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.44.2 via deserialization of untrusted input in the 'entrydeleteuploadfiles' function. This makes it possible for unauthenticat...

CVE-2025-6464 Forminator Forms – Contact Form, Payment Form & Custom Form Builder <= 1.44.2 - Unauthenticated PHP Object Injection (PHAR) Triggered via Administrator Form Submission Deletion

The Forminator Forms – Contact Form, Payment Form & Custom Form Builder plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.44.2 via deserialization of untrusted input in the 'entrydeleteuploadfiles' function. This makes it possible for unauthenticat...