WordPress Everest Forms Plugin <= 3.2.2 is vulnerable to PHP Object Injection

Software Everest Forms Type Plugin Vulnerable versions = 3.2.2 Fixed in 3.2.3 OWASP Top 10 A3: Injection Classification PHP Object Injection CVE CVE-2025-52709 Patch priority High CVSS severity High 9.8 Developer Everest Forms PSID ed6f018dd59f Credits Phat RiO - BlueRock Required privilege...

WordPress Amwerk Theme <= 1.2.0 is vulnerable to PHP Object Injection

Software Amwerk Type Theme Vulnerable versions = 1.2.0 Fixed in 1.3.0 OWASP Top 10 A3: Injection Classification PHP Object Injection CVE CVE-2025-52724 Patch priority High CVSS severity High 9.8 Developer Claim ownership PSID 03a8b40aebf6 Credits Bonds Required privilege Unauthenticated Published...

WordPress CouponXxL Theme <= 3.0.0 is vulnerable to PHP Object Injection

Software CouponXxL Type Theme Vulnerable versions = 3.0.0 Fixed in 3.1.0 OWASP Top 10 A3: Injection Classification PHP Object Injection CVE CVE-2025-52725 Patch priority High CVSS severity High 9.8 Developer Claim ownership PSID 04cffe8dee73 Credits Bonds Required privilege Unauthenticated...

CVE-2025-28970 WordPress WP Optimize By xTraffic plugin <= 5.1.6 - PHP Object Injection Vulnerability

Deserialization of Untrusted Data vulnerability in pep.vn WP Optimize By xTraffic wp-optimize-by-xtraffic allows Object Injection.This issue affects WP Optimize By xTraffic: from n/a through = 5.1.6...

CVE-2025-28970 WordPress WP Optimize By xTraffic plugin <= 5.1.6 - PHP Object Injection Vulnerability

Deserialization of Untrusted Data vulnerability in pep.vn WP Optimize By xTraffic wp-optimize-by-xtraffic allows Object Injection.This issue affects WP Optimize By xTraffic: from n/a through = 5.1.6...

CVE-2025-28970

CVE-2025-28970: PHP Object Injection via deserialization in WP Optimize By xTraffic (WordPress plugin). Affected: WP Optimize By xTraffic versions up to and including 5.1.6. Status: Unpatched in the public CVE references. Root cause: Deserialization of untrusted data leading to object injection. ...

CVE-2025-52709

...

CVE-2025-52709

...

CVE-2025-52725 WordPress CouponXxL theme <= 3.0.0 - PHP Object Injection Vulnerability

Deserialization of Untrusted Data vulnerability in pebas CouponXxL couponxxl allows Object Injection.This issue affects CouponXxL: from n/a through = 3.0.0...

CVE-2025-52724 WordPress Amwerk theme <= 1.2.0 - PHP Object Injection Vulnerability

Deserialization of Untrusted Data vulnerability in BoldThemes Amwerk amwerk allows Object Injection.This issue affects Amwerk: from n/a through = 1.2.0...

CVE-2025-52724 WordPress Amwerk theme <= 1.2.0 - PHP Object Injection Vulnerability

Deserialization of Untrusted Data vulnerability in BoldThemes Amwerk allows Object Injection. This issue affects Amwerk: from n/a through 1.2.0...

CVE-2025-52725

CVE-2025-52725 describes a deserialization of untrusted data vulnerability in WordPress theme CouponXxL (versions up to 3.0.0). Root cause is PHP Object Injection via untrusted data processing. The issue is rated CRITICAL (CVSSv3.1: Network, Low attack complexity, No user interaction, scope UNCHA...

CVE-2025-52826 WordPress Sala theme <= 1.1.3 - PHP Object Injection Vulnerability

Deserialization of Untrusted Data vulnerability in uxper Sala allows Object Injection. This issue affects Sala: from n/a through 1.1.3...

CVE-2025-52826

CVE-2025-52826 affects the WordPress Sala theme (

CVE-2025-52827 WordPress Nuss theme <= 1.3.3 - PHP Object Injection Vulnerability

Deserialization of Untrusted Data vulnerability in uxper Nuss nuss allows Object Injection.This issue affects Nuss: from n/a through = 1.3.3...

CVE-2025-52827

CVE-2025-52827: WordPress Nuss theme

CVE-2025-52827 WordPress Nuss theme <= 1.3.3 - PHP Object Injection Vulnerability

Deserialization of Untrusted Data vulnerability in uxper Nuss nuss allows Object Injection.This issue affects Nuss: from n/a through = 1.3.3...

WordPress Red Art Theme <= 3.7 is vulnerable to PHP Object Injection

Software Red Art Type Theme Vulnerable versions = 3.7 Fixed in N/A OWASP Top 10 A3: Injection Classification PHP Object Injection CVE CVE-2025-52828 Patch priority High CVSS severity High 8.8 Developer Claim ownership PSID 443adc1cb34f Credits Frank Required privilege Subscriber Published 26 June...

Ubuntu 16.04 LTS / 18.04 LTS / 20.04 LTS / 22.04 LTS / 24.04 LTS / 24.10 / 25.04 : Roundcube vulnerability (USN-7584-1)

The remote Ubuntu 16.04 LTS / 18.04 LTS / 20.04 LTS / 22.04 LTS / 24.04 LTS / 24.10 / 25.04 host has packages installed that are affected by a vulnerability as referenced in the USN-7584-1 advisory. It was discovered that Roundcube Webmail did not properly sanitize the from parameter in a URL,...

WordPress Kriya theme <= 3.4 - PHP Object Injection Vulnerability

PHP Object Injection Vulnerability discovered by Bonds in WordPress Theme Kriya versions = 3.4...