Lucene search

3718 matches found

Patchstack
added 2025/06/24 10:55 a.m., 3 views

WordPress ThemeMove Core Plugin <= 1.4.2 - PHP Object Injection Vulnerability

PHP Object Injection Vulnerability discovered by Bonds in WordPress Plugin ThemeMove Core versions <= 1.4.2...

CVSS 8.8, AI score 7.2, EPSS 0.00349
Exploits 0, Affected Software 1
OpenVAS
added 2025/06/24 12:0 a.m., 8 views

Ubuntu: Security Advisory (USN-7584-1)

The remote host is missing an update for the...

CVSS 9.9, AI score 8.8, EPSS 0.89163
Exploits 29, References 4
Patchstack
added 2025/06/23 11:31 a.m., 3 views

WordPress Nuss theme <= 1.3.3 - PHP Object Injection Vulnerability

PHP Object Injection Vulnerability discovered by Rau má đậu xanh in WordPress Theme Nuss versions <= 1.3.3...

CVSS 8.8, AI score 7.2, EPSS 0.00344
Exploits 0, Affected Software 1
Patchstack
added 2025/06/23 11:22 a.m., 7 views

WordPress WP Optimize By xTraffic plugin <= 5.1.6 - PHP Object Injection Vulnerability

PHP Object Injection Vulnerability discovered by timomangcut in WordPress Plugin WP Optimize By xTraffic versions <= 5.1.6...

CVSS 9.8, AI score 6.9, EPSS 0.00461
Exploits 0, Affected Software 1
RedhatCVE
added 2025/06/23 8:39 a.m., 4 views

CVE-2025-25034

A PHP object injection vulnerability exists in SugarCRM versions prior to 6.5.24, 6.7.13, 7.5.2.5, 7.6.2.2, and 7.7.1.0 due to improper validation of PHP serialized input in the SugarRestSerialize.php script. The vulnerable code fails to sanitize the rest_data parameter before passing it to the...

CVSS 9.3, AI score 8.1, EPSS 0.02971
Exploits 0, References 1
Patchstack
added 2025/06/23 12:0 a.m., 6 views

WordPress Nuss Theme <= 1.3.3 is vulnerable to PHP Object Injection

Software: Nuss; Type: Theme; Vulnerable versions: <= 1.3.3; Fixed in: N/A; OWASP Top 10: A3: Injection; Classification: PHP Object Injection; CVE: CVE-2025-52827; Patch priority: High; CVSS severity: High 8.8; Developer: Claim ownership; PSID: 7d884de49dbe; Credits: Ann; Required privilege: Subscriber; Published: 23 June,...

AI score 7.2, EPSS 0.00344
Exploits 0, References 1, Affected Software 1
Patchstack
added 2025/06/23 12:0 a.m., 6 views

WordPress Sala Theme <= 1.1.3 is vulnerable to PHP Object Injection

Software: Sala; Type: Theme; Vulnerable versions: <= 1.1.3; Fixed in: N/A; OWASP Top 10: A3: Injection; Classification: PHP Object Injection; CVE: CVE-2025-52826; Patch priority: High; CVSS severity: High 8.8; Developer: Claim ownership; PSID: 745dde376637; Credits: Ann; Required privilege: Subscriber; Published: 23 June,...

AI score 7.2, EPSS 0.00344
Exploits 0, References 1, Affected Software 1
Patchstack
added 2025/06/22 12:25 p.m., 5 views

WordPress eCommerce Product Catalog plugin <= 3.4.3 - PHP Object Injection Vulnerability

PHP Object Injection Vulnerability discovered by mcdruid in WordPress Plugin eCommerce Product Catalog versions <= 3.4.3...

CVSS 7.2, AI score 6.9, EPSS 0.00441
Exploits 0, Affected Software 1
NVD
added 2025/06/20 7:15 p.m., 2 views

CVE-2025-25034

A PHP object injection vulnerability exists in SugarCRM versions prior to 6.5.24, 6.7.13, 7.5.2.5, 7.6.2.2, and 7.7.1.0 due to improper validation of PHP serialized input in the SugarRestSerialize.php script. The vulnerable code fails to sanitize the rest_data parameter before passing it to the...

CVSS 9.3, EPSS 0.02971
Exploits 0, References 7
CVE
added 2025/06/20 6:34 p.m., 52 views

CVE-2025-25034

SugarCRM versions prior to 6.5.24, 6.7.13, 7.5.2.5, 7.6.2.2, and 7.7.1.0 are affected by a PHP object injection in SugarRestSerialize.php due to improper validation of the rest_data parameter before unserialize(). An unauthenticated attacker can submit crafted serialized data to achieve arbitrary...

CVSS 9.3, AI score 7.7, EPSS 0.02971
In wild, Exploits 0, References 7
Positive Technologies
added 2025/06/20 12:0 a.m., 4 views

PT-2025-26454

Name of the Vulnerable Software and Affected Versions: SugarCRM versions prior to 6.5.24; SugarCRM versions prior to 6.7.13; SugarCRM versions prior to 7.5.2.5; SugarCRM versions prior to 7.6.2.2; SugarCRM versions prior to 7.7.1.0. Description: A PHP object injection issue exists due to improper...

CVSS 9.3, AI score 7.9, EPSS 0.02971
Exploits 0, References 15
Ubuntu
added 2025/06/19 7:14 p.m., 5 views

USN-7584-1: Roundcube vulnerability

It was discovered that Roundcube Webmail did not properly sanitize the from parameter in a URL, leading to PHP Object Deserialization. A remote attacker could possibly use this issue to execute arbitrary code...

CVSS 9.9, AI score 8.8, EPSS 0.89163
Exploits 29
Vulnrichment
added 2025/06/17 3:1 p.m., 1 views

CVE-2025-30618 WordPress Rapyd Payment Extension for WooCommerce plugin <= 1.2.0 - PHP Object Injection Vulnerability

Deserialization of Untrusted Data vulnerability in yuliaz Rapyd Payment Extension for WooCommerce rapyd-payments allows Object Injection. This issue affects Rapyd Payment Extension for WooCommerce: from n/a through <= 1.2.0...

CVSS 9.8, AI score 7.3, EPSS 0.00462
Exploits 0, References 1
Cvelist
added 2025/06/17 3:1 p.m., 17 views

CVE-2025-30618 WordPress Rapyd Payment Extension for WooCommerce plugin <= 1.2.0 - PHP Object Injection Vulnerability

Deserialization of Untrusted Data vulnerability in yuliaz Rapyd Payment Extension for WooCommerce rapyd-payments allows Object Injection. This issue affects Rapyd Payment Extension for WooCommerce: from n/a through <= 1.2.0...

CVSS 9.8, EPSS 0.00462
Exploits 0, References 1
Vulnrichment
added 2025/06/17 3:1 p.m., 2 views

CVE-2025-31919 WordPress Spare <= 1.7 - PHP Object Injection Vulnerability

Deserialization of Untrusted Data vulnerability in themeton Spare allows Object Injection. This issue affects Spare: from n/a through 1.7...

CVSS 9.8, AI score 9.5, EPSS 0.00461
Exploits 0, References 1
Vulnrichment
added 2025/06/17 3:1 p.m., 3 views

CVE-2025-49330 WordPress Integration for Contact Form 7 and Zoho CRM, Bigin <= 1.3.0 - PHP Object Injection Vulnerability

Deserialization of Untrusted Data vulnerability in CRM Perks Integration for Contact Form 7 and Zoho CRM, Bigin allows Object Injection. This issue affects Integration for Contact Form 7 and Zoho CRM, Bigin: from n/a through 1.3.0...

CVSS 9.8, AI score 7.2, EPSS 0.00509
Exploits 0, References 1
Cvelist
added 2025/06/17 3:1 p.m., 16 views

CVE-2025-49330 WordPress Integration for Contact Form 7 and Zoho CRM, Bigin plugin <= 1.3.0 - PHP Object Injection Vulnerability

Deserialization of Untrusted Data vulnerability in CRM Perks Integration for Contact Form 7 and Zoho CRM, Bigin cf7-zoho allows Object Injection. This issue affects Integration for Contact Form 7 and Zoho CRM, Bigin: from n/a through <= 1.3.0...

CVSS 9.8, EPSS 0.00509
Exploits 0, References 1
Cvelist
added 2025/06/17 3:1 p.m., 11 views

CVE-2025-49331 WordPress eCommerce Product Catalog plugin <= 3.4.3 - PHP Object Injection Vulnerability

Deserialization of Untrusted Data vulnerability in impleCode eCommerce Product Catalog ecommerce-product-catalog allows Object Injection. This issue affects eCommerce Product Catalog: from n/a through <= 3.4.3...

CVSS 7.2, EPSS 0.00441
Exploits 0, References 1
Vulnrichment
added 2025/06/17 3:1 p.m., 2 views

CVE-2025-49331 WordPress eCommerce Product Catalog <= 3.4.3 - PHP Object Injection Vulnerability

Deserialization of Untrusted Data vulnerability in impleCode eCommerce Product Catalog allows Object Injection. This issue affects eCommerce Product Catalog: from n/a through 3.4.3...

CVSS 7.2, AI score 7.1, EPSS 0.00441
Exploits 0, References 1
GithubExploit
added 2025/06/17 1:1 p.m., 298 views

Exploit for CVE-2025-49113

CVE‑2025‑49113 – Post‑Auth Remote Code Execution in Roundcube...

CVSS 9.9, AI score 10, EPSS 0.89163
Exploits 29