3718 matches found
WordPress Glossary by WPPedia Code Issue Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress plugin is an application plugin. A code issue vulnerability exists in WordPress Glossary by WPPedia that stems from improper deserialization of the posttypes parameter, which can be exploited by an attacker to...
WordPress Integration for Contact Form 7 and Zoho CRM, Bigin plugin <= 1.3.0 - PHP Object Injection Vulnerability
PHP Object Injection Vulnerability discovered by Frissi0n in WordPress Plugin Integration for Contact Form 7 and Zoho CRM, Bigin versions <= 1.3.0...
Roundcube 1.6.10 - Remote Code Execution (RCE)
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Roundcube ≤ 1.6.10 Post-Auth RCE via PHP Object Deserialization', 'Description' = %q Roundcube Webmail before 1.5.10 and 1.6.x before 1.6.11 allo...
Fedora 42 : roundcubemail (2025-70701de9de)
The remote Fedora 42 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2025-70701de9de advisory. This is a security update to the stable version 1.6 of Roundcube Webmail. It provides fixes to recently reported security vulnerabilities: Fix Post-Auth RCE...
WordPress Ninja Tables plugin code issue vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress plugin is an application plugin. The WordPress Ninja Tables plugin has a code issue vulnerability that stems from deserialization of untrusted input in the argscallback parameter; an attacker can use thi...
Fedora 41 : roundcubemail (2025-a5f56fe8ff)
The remote Fedora 41 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2025-a5f56fe8ff advisory. This is a security update to the stable version 1.6 of Roundcube Webmail. It provides fixes to recently reported security vulnerabilities: Fix Post-Auth RCE...
WordPress Photography Theme <= 7.7.2 - PHP Object Injection Vulnerability
PHP Object Injection Vulnerability discovered by Rafie Muhammad Patchstack in WordPress Theme Photography versions <= 7.7.2...
WordPress Spare theme <= 1.7 - PHP Object Injection Vulnerability
PHP Object Injection Vulnerability discovered by Tran Nguyen Bao Khanh VCI - VNPT Cyber Immunity in WordPress Theme Spare versions <= 1.7...
CVE-2025-49455 WordPress WordPress-WPJobBoard <= 25.07010000-WP6.8.1-JB5.11.5 - SQL Injection Vulnerability
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in ClickandPledge WordPress-WPJobBoard click-pledge-wpjobboard allows Blind SQL Injection. This issue affects WordPress-WPJobBoard: from n/a through <= 25.07010000-WP6.8.1-JB5.11.5...
CVE-2025-49455 WordPress TinySalt < 3.10.0 - PHP Object Injection Vulnerability
Deserialization of Untrusted Data vulnerability in LoftOcean TinySalt allows Object Injection. This issue affects TinySalt: from n/a before 3.10.0...
CVE-2025-49507 WordPress CozyStay theme < 1.7.1 - PHP Object Injection vulnerability
Deserialization of Untrusted Data vulnerability in LoftOcean CozyStay cozystay allows Object Injection. This issue affects CozyStay: from n/a through 1.7.1...
WordPress Photography Theme <= 7.5.2 is vulnerable to PHP Object Injection
Software: Photography; Type: Theme; Vulnerable versions: <= 7.5.2; Fixed in: N/A; OWASP Top 10: A3: Injection; Classification: PHP Object Injection; CVE: CVE-2025-47579; Patch priority: High; CVSS severity: High 9; Developer: EPC; PSID: f3488f35689e; Credits: Rafie Muhammad Patchstack; Required privilege: Unauthenticated...
WordPress Spare Theme <= 1.7 is vulnerable to PHP Object Injection
Software: Spare; Type: Theme; Vulnerable versions: <= 1.7; Fixed in: N/A; OWASP Top 10: A3: Injection; Classification: PHP Object Injection; CVE: CVE-2025-31919; Patch priority: High; CVSS severity: High 9.8; Developer: Claim ownership; PSID: 56b785ef822a; Credits: Tran Nguyen Bao Khanh VCI - VNPT Cyber Immunity; Require...
CVE-2025-31396 WordPress FLAP - Business WordPress Theme <= 1.5 - PHP Object Injection Vulnerability
Deserialization of Untrusted Data vulnerability in themeton FLAP - Business WordPress Theme allows Object Injection. This issue affects FLAP - Business WordPress Theme: from n/a through 1.5...
CVE-2025-31396
CVE-2025-31396: Deserialization of Untrusted Data leading to Object Injection in the FLAP - Business WordPress Theme. Affected: FLAP - Business WordPress Theme (versions from unspecified base up to 1.5). Root cause: untrusted data deserialization enabling object injection. Remediation details are...
WordPress CozyStay Theme < 1.7.1 is vulnerable to PHP Object Injection
Software: CozyStay; Type: Theme; Vulnerable versions: < 1.7.1; Fixed in: 1.7.1; OWASP Top 10: A3: Injection; Classification: PHP Object Injection; CVE: CVE-2025-49507; Patch priority: High; CVSS severity: High 9.8; Developer: LoftOcean; PSID: 87cadbf62283; Credits: Bonds; Required privilege: Unauthenticated; Published: 9 Jun...
WordPress TinySalt Theme < 3.10.0 is vulnerable to PHP Object Injection
Software: TinySalt; Type: Theme; Vulnerable versions: < 3.10.0; Fixed in: 3.10.0; OWASP Top 10: A3: Injection; Classification: PHP Object Injection; CVE: CVE-2025-49455; Patch priority: High; CVSS severity: High 9.8; Developer: LoftOcean; PSID: 832baca8d9fd; Credits: Bonds; Required privilege: Unauthenticated; Published: 9...
WordPress Themify Edmin Theme <= 2.0.0 is vulnerable to PHP Object Injection
Software: Themify Edmin; Type: Theme; Vulnerable versions: <= 2.0.0; Fixed in: N/A; OWASP Top 10: A3: Injection; Classification: PHP Object Injection; CVE: CVE-2025-31047; Patch priority: Medium; CVSS severity: Medium 8.8; Developer: Claim ownership; PSID: c525fceb3917; Credits: Phat RiO - BlueRock; Required privilege...
CVE-2025-49072 WordPress Mr. Murphy < 1.2.12.1 - PHP Object Injection Vulnerability
Deserialization of Untrusted Data vulnerability in AncoraThemes Mr. Murphy allows Object Injection. This issue affects Mr. Murphy: from n/a before 1.2.12.1...
CVE-2025-49072 WordPress Mr. Murphy < 1.2.12.1 - PHP Object Injection Vulnerability
Deserialization of Untrusted Data vulnerability in AncoraThemes Mr. Murphy mr-murphy allows Object Injection. This issue affects Mr. Murphy: from n/a through 1.2.12.1...