3718 matches found
CVE-2025-52828
CVE-2025-52828 describes a Deserialization of Untrusted Data vulnerability in the WordPress theme designthemes Red Art, enabling PHP Object Injection. Affected: Red Art versions up to 3.7 (and potentially <=3.8 per Patchstack reference). Root cause: deserializing untrusted data within the them...
CVE-2025-52828 WordPress Red Art theme <= 3.8 - PHP Object Injection Vulnerability
Deserialization of Untrusted Data vulnerability in designthemes Red Art redart allows Object Injection.This issue affects Red Art: from n/a through = 3.8...
CVE-2024-13786
The education theme for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 3.6.10 via deserialization of untrusted input in the 'themerexcallbackviewmoreposts' function. This makes it possible for unauthenticated attackers to inject a PHP Object. No known POP...
CVE-2025-6464
The Forminator Forms – Contact Form, Payment Form & Custom Form Builder plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.44.2 via deserialization of untrusted input in the 'entrydeleteuploadfiles' function. This makes it possible for unauthenticat...
WordPress Forminator Plugin < 1.44.3 Multiple Vulnerabilities
The WordPress plugin SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:incsub:forminator"; ifdescription...
WordPress Education Center theme <= 3.6.10 - PHP Object Injection vulnerability
PHP Object Injection vulnerability discovered by Lucio Sá in WordPress Theme Education Center versions = 3.6.10...
CVE-2024-13786
The education theme for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 3.6.10 via deserialization of untrusted input in the 'themerexcallbackviewmoreposts' function. This makes it possible for unauthenticated attackers to inject a PHP Object. No known POP...
CVE-2024-13786 Education Center | LMS & Online Courses WordPress Theme <= 3.6.10 - PHP Object Injection
The education theme for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 3.6.10 via deserialization of untrusted input in the 'themerexcallbackviewmoreposts' function. This makes it possible for unauthenticated attackers to inject a PHP Object. No known POP...
CVE-2024-13786 Education Center | LMS & Online Courses WordPress Theme <= 3.6.10 - PHP Object Injection
The education theme for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 3.6.10 via deserialization of untrusted input in the 'themerexcallbackviewmoreposts' function. This makes it possible for unauthenticated attackers to inject a PHP Object. No known POP...
CVE-2024-13786
CVE-2024-13786 affects the WordPress Education Center theme (
CVE-2025-6464
The Forminator Forms – Contact Form, Payment Form & Custom Form Builder plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.44.2 via deserialization of untrusted input in the 'entrydeleteuploadfiles' function. This makes it possible for unauthenticat...
CVE-2025-6464
The Forminator Forms – Contact Form, Payment Form & Custom Form Builder plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.44.2 via deserialization of untrusted input in the 'entrydeleteuploadfiles' function. This makes it possible for unauthenticat...
CVE-2025-6464 Forminator Forms – Contact Form, Payment Form & Custom Form Builder <= 1.44.2 - Unauthenticated PHP Object Injection (PHAR) Triggered via Administrator Form Submission Deletion
The Forminator Forms – Contact Form, Payment Form & Custom Form Builder plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.44.2 via deserialization of untrusted input in the 'entrydeleteuploadfiles' function. This makes it possible for unauthenticat...
CVE-2025-6464 Forminator Forms – Contact Form, Payment Form & Custom Form Builder <= 1.44.2 - Unauthenticated PHP Object Injection (PHAR) Triggered via Administrator Form Submission Deletion
The Forminator Forms – Contact Form, Payment Form & Custom Form Builder plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.44.2 via deserialization of untrusted input in the 'entrydeleteuploadfiles' function. This makes it possible for unauthenticat...
CVE-2025-6464
The CVE concerns the WordPress Forminator Forms plugin (versions up to and including 1.44.2). It enables PHP Object Injection through deserialization of untrusted input in the entry_delete_upload_files function, triggered when a form submission is deleted (admin or auto-deletion). Exploitation re...
WordPress Everest Forms - Frontend Listing plugin <= 1.0.5 - PHP Object Injection Vulnerability
WordPress Everest Forms - Frontend Listing plugin = 1.0.5 - PHP Object Injection Vulnerability discovered by Phat RiO - BlueRock in WordPress Plugin Everest Forms - Frontend Listing versions = 1.0.5...
WordPress Education Center Theme <= 3.6.10 is vulnerable to PHP Object Injection
Software Education Center Type Theme Vulnerable versions = 3.6.10 Fixed in 3.6.11 OWASP Top 10 A1: Injection Classification PHP Object Injection CVE CVE-2024-13786 Patch priority High CVSS severity High 9.8 Developer Claim ownership PSID 511daf731ac0 Credits Lucio Sá Required privilege...
PT-2025-27604 · WordPress · Education Theme
Name of the Vulnerable Software and Affected Versions: Education theme for WordPress versions up to, and including, 3.6.10 Description: The issue allows unauthenticated attackers to inject a PHP Object via deserialization of untrusted input in the themerex callback view more posts function. This...
PT-2025-27602 · WordPress · The Forminator Forms
Name of the Vulnerable Software and Affected Versions: The Forminator Forms – Contact Form, Payment Form & Custom Form Builder plugin for WordPress versions up to, and including, 1.44.2 Description: The issue is related to PHP Object Injection via deserialization of untrusted input in the entry...
WordPress Forminator plugin <= 1.44.2 - Unauthenticated PHP Object Injection (PHAR) Triggered via Administrator Form Submission Deletion vulnerability
Unauthenticated PHP Object Injection PHAR Triggered via Administrator Form Submission Deletion vulnerability discovered by Phat RiO - BlueRock in WordPress Plugin Forminator versions = 1.44.2...