3585 matches found

CVE
added 2025/07/02 5:29 a.m. · 34 views

CVE-2025-6464

The CVE concerns the WordPress Forminator Forms plugin (versions up to and including 1.44.2). It enables PHP Object Injection through deserialization of untrusted input in the entry_delete_upload_files function, triggered when a form submission is deleted (admin or auto-deletion). Exploitation re...

CVSS 8.8 · AI score 7.2 · EPSS 0.02155
Exploits 0 · References 4 · Affected Software 1

Cvelist
added 2025/07/02 5:29 a.m. · 4 views

CVE-2025-6464 Forminator Forms – Contact Form, Payment Form & Custom Form Builder <= 1.44.2 - Unauthenticated PHP Object Injection (PHAR) Triggered via Administrator Form Submission Deletion

The Forminator Forms – Contact Form, Payment Form & Custom Form Builder plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.44.2 via deserialization of untrusted input in the 'entry_delete_upload_files' function. This makes it possible for unauthenticat...

CVSS 7.5 · EPSS 0.02155
Exploits 0 · References 4

Patchstack
added 2025/07/02 3:50 a.m. · 5 views

WordPress Everest Forms - Frontend Listing plugin <= 1.0.5 - PHP Object Injection Vulnerability

WordPress Everest Forms - Frontend Listing plugin <= 1.0.5 - PHP Object Injection Vulnerability discovered by Phat RiO - BlueRock in WordPress Plugin Everest Forms - Frontend Listing versions <= 1.0.5...

CVSS 9.8 · AI score 7.2 · EPSS 0.00097
Exploits 0 · Affected Software 1

Positive Technologies
added 2025/07/02 12:0 a.m. · 2 views

PT-2025-27604 · WordPress · Education Theme

Name of the Vulnerable Software and Affected Versions: Education theme for WordPress versions up to, and including, 3.6.10
Description: The issue allows unauthenticated attackers to inject a PHP Object via deserialization of untrusted input in the themerex callback view more posts function. This...

CVSS 9.8 · AI score 7.1 · EPSS 0.02559
Exploits 0 · References 7

Patchstack
added 2025/07/02 12:0 a.m. · 3 views

WordPress Education Center Theme <= 3.6.10 is vulnerable to PHP Object Injection

Software: Education Center; Type: Theme; Vulnerable versions: <= 3.6.10; Fixed in: 3.6.11; OWASP Top 10: A1: Injection; Classification: PHP Object Injection; CVE: CVE-2024-13786; Patch priority: High; CVSS severity: High 9.8; PSID: 511daf731ac0; Credits: Lucio Sá; Required privilege...

CVSS 9.8 · AI score 6.4 · EPSS 0.02559
Exploits 0 · References 2 · Affected Software 1

Positive Technologies
added 2025/07/02 12:0 a.m. · 1 views

PT-2025-27602 · WordPress · The Forminator Forms

Name of the Vulnerable Software and Affected Versions: The Forminator Forms – Contact Form, Payment Form & Custom Form Builder plugin for WordPress versions up to, and including, 1.44.2
Description: The issue is related to PHP Object Injection via deserialization of untrusted input in the entry...

CVSS 8.8 · AI score 7.1 · EPSS 0.02155
Exploits 0 · References 10

Patchstack
added 2025/07/01 10:53 p.m. · 6 views

WordPress Forminator plugin <= 1.44.2 - Unauthenticated PHP Object Injection (PHAR) Triggered via Administrator Form Submission Deletion vulnerability

Unauthenticated PHP Object Injection (PHAR) Triggered via Administrator Form Submission Deletion vulnerability discovered by Phat RiO - BlueRock in WordPress Plugin Forminator versions <= 1.44.2...

CVSS 8.8 · AI score 7.1 · EPSS 0.02155
Exploits 0 · References 1 · Affected Software 1

Patchstack
added 2025/07/01 12:0 a.m. · 8 views

WordPress Amwerk Theme <= 1.2.0 is vulnerable to PHP Object Injection

Software: Amwerk; Type: Theme; Vulnerable versions: <= 1.2.0; Fixed in: 1.3.0; OWASP Top 10: A3: Injection; Classification: PHP Object Injection; CVE: CVE-2025-52724; Patch priority: High; CVSS severity: High 9.8; PSID: 03a8b40aebf6; Credits: Bonds; Required privilege: Unauthenticated; Published...

CVSS 9.8 · AI score 6.4 · EPSS 0.00369
Exploits 0 · References 1 · Affected Software 1

Patchstack
added 2025/07/01 12:0 a.m. · 3 views

WordPress CouponXxL Theme <= 3.0.0 is vulnerable to PHP Object Injection

Software: CouponXxL; Type: Theme; Vulnerable versions: <= 3.0.0; Fixed in: 3.1.0; OWASP Top 10: A3: Injection; Classification: PHP Object Injection; CVE: CVE-2025-52725; Patch priority: High; CVSS severity: High 9.8; PSID: 04cffe8dee73; Credits: Bonds; Required privilege: Unauthenticated...

CVSS 9.8 · AI score 6.4 · EPSS 0.00369
Exploits 0 · References 1 · Affected Software 1

Patchstack
added 2025/07/01 12:0 a.m. · 4 views

WordPress Everest Forms Plugin <= 3.2.2 is vulnerable to PHP Object Injection

Software: Everest Forms; Type: Plugin; Vulnerable versions: <= 3.2.2; Fixed in: 3.2.3; OWASP Top 10: A3: Injection; Classification: PHP Object Injection; CVE: CVE-2025-52709; Patch priority: High; CVSS severity: High 9.8; Developer: Everest Forms; PSID: ed6f018dd59f; Credits: Phat RiO - BlueRock; Required privilege...

CVSS 9.8 · AI score 6.4
Exploits 0 · References 1 · Affected Software 1

Vulnrichment
added 2025/06/27 11:52 a.m. · 4 views

CVE-2025-28970 WordPress WP Optimize By xTraffic plugin <= 5.1.6 - PHP Object Injection Vulnerability

Deserialization of Untrusted Data vulnerability in pep.vn WP Optimize By xTraffic wp-optimize-by-xtraffic allows Object Injection. This issue affects WP Optimize By xTraffic: from n/a through <= 5.1.6...

CVSS 9.8 · AI score 5.2 · EPSS 0.00369
Exploits 0 · References 1

Cvelist
added 2025/06/27 11:52 a.m. · 11 views

CVE-2025-28970 WordPress WP Optimize By xTraffic plugin <= 5.1.6 - PHP Object Injection Vulnerability

Deserialization of Untrusted Data vulnerability in pep.vn WP Optimize By xTraffic wp-optimize-by-xtraffic allows Object Injection. This issue affects WP Optimize By xTraffic: from n/a through <= 5.1.6...

CVSS 9.8 · EPSS 0.00369
Exploits 0 · References 1

CVE
added 2025/06/27 11:52 a.m. · 24 views

CVE-2025-28970

CVE-2025-28970: PHP Object Injection via deserialization in WP Optimize By xTraffic (WordPress plugin). Affected: WP Optimize By xTraffic versions up to and including 5.1.6. Status: Unpatched in the public CVE references. Root cause: Deserialization of untrusted data leading to object injection. ...

CVSS 9.8 · AI score 5.9 · EPSS 0.00369
Exploits 0 · References 1

Cvelist
added 2025/06/27 11:52 a.m. · 5 views

CVE-2025-52709

...

Exploits 0

Vulnrichment
added 2025/06/27 11:52 a.m. · 2 views

CVE-2025-52709

...

AI score 6.4
Exploits 0

Vulnrichment
added 2025/06/27 11:52 a.m. · 5 views

CVE-2025-52724 WordPress Amwerk theme <= 1.2.0 - PHP Object Injection Vulnerability

Deserialization of Untrusted Data vulnerability in BoldThemes Amwerk allows Object Injection. This issue affects Amwerk: from n/a through 1.2.0...

CVSS 9.8 · AI score 6.5 · EPSS 0.00369
Exploits 0 · References 1

Cvelist
added 2025/06/27 11:52 a.m. · 8 views

CVE-2025-52725 WordPress CouponXxL theme <= 3.0.0 - PHP Object Injection Vulnerability

Deserialization of Untrusted Data vulnerability in pebas CouponXxL couponxxl allows Object Injection. This issue affects CouponXxL: from n/a through <= 3.0.0...

CVSS 9.8 · EPSS 0.00369
Exploits 0 · References 1

Cvelist
added 2025/06/27 11:52 a.m. · 9 views

CVE-2025-52724 WordPress Amwerk theme <= 1.2.0 - PHP Object Injection Vulnerability

Deserialization of Untrusted Data vulnerability in BoldThemes Amwerk amwerk allows Object Injection. This issue affects Amwerk: from n/a through <= 1.2.0...

CVSS 9.8 · EPSS 0.00369
Exploits 0 · References 1

CVE
added 2025/06/27 11:52 a.m. · 19 views

CVE-2025-52725

CVE-2025-52725 describes a deserialization of untrusted data vulnerability in WordPress theme CouponXxL (versions up to 3.0.0). Root cause is PHP Object Injection via untrusted data processing. The issue is rated CRITICAL (CVSSv3.1: Network, Low attack complexity, No user interaction, scope UNCHA...

CVSS 9.8 · AI score 5.9 · EPSS 0.00369
Exploits 0 · References 1

Vulnrichment
added 2025/06/27 11:52 a.m. · 2 views

CVE-2025-52826 WordPress Sala theme <= 1.1.3 - PHP Object Injection Vulnerability

Deserialization of Untrusted Data vulnerability in uxper Sala allows Object Injection. This issue affects Sala: from n/a through 1.1.3...

CVSS 8.8 · AI score 7.1 · EPSS 0.00336
Exploits 0 · References 1