CVE-2025-49073 WordPress Sweet Dessert < 1.1.13 - PHP Object Injection Vulnerability

Deserialization of Untrusted Data vulnerability in axiomthemes Sweet Dessert sweet-dessert allows Object Injection.This issue affects Sweet Dessert: from n/a through 1.1.13...

CVE-2025-39358 WordPress WP Posts Carousel <= 1.3.12 - PHP Object Injection Vulnerability

Deserialization of Untrusted Data vulnerability in teastudio.pl WP Posts Carousel wp-posts-carousel allows Object Injection.This issue affects WP Posts Carousel: from n/a through = 1.3.12...

CVE-2025-39358 WordPress WP Posts Carousel <= 1.3.12 - PHP Object Injection Vulnerability

Deserialization of Untrusted Data vulnerability in teastudio.pl WP Posts Carousel wp-posts-carousel allows Object Injection.This issue affects WP Posts Carousel: from n/a through = 1.3.12...

CVE-2025-47584 WordPress Photography theme <= 7.5.2 - PHP Object Injection vulnerability

Deserialization of Untrusted Data vulnerability in ThemeGoods Photography.This issue affects Photography: from n/a through 7.5.2...

CVE-2025-47584 WordPress Photography theme <= 7.5.2 - PHP Object Injection vulnerability

Deserialization of Untrusted Data vulnerability in ThemeGoods Photography.This issue affects Photography: from n/a through 7.5.2...

Roundcube Webmail Deserialization Vulnerability

RoundCube Webmail is a browser-based open source multi-language IMAP client , using PHP + Ajax development , to provide a desktop application-like interface and complete mail management features . Roundcube Webmail has a deserialization vulnerability , the vulnerability stems from the...

Exploit for CVE-2025-49113

CVE-2025-49113 PoC Repository Overview of CVE-2025-49113 C...

CVE-2025-2939

The Ninja Tables – Easy Data Table Builder plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 5.0.18 via deserialization of untrusted input from the argscallback parameter . This makes it possible for unauthenticated attackers to inject a PHP Object...

Exploit for CVE-2025-49113

📧 Roundcube ≤ 1.6.10 Post-Auth RCE via PHP Object Deserializat...

FreeBSD : Post-Auth Remote Code Execution found in Roundcube Webmail (0d6094a2-4095-11f0-8c92-00d861a0e66d)

The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the 0d6094a2-4095-11f0-8c92-00d861a0e66d advisory. Roundcube Webmail reports: Fix Post-Auth RCE via PHP Object Deserialization reported by firs0v Tenable...

Critical 10-Year-Old Roundcube Webmail Bug Allows Authenticated Users Run Malicious Code

Cybersecurity researchers have disclosed details of a critical security flaw in the Roundcube webmail software that has gone unnoticed for a decade and could be exploited to take over susceptible systems and execute arbitrary code. The vulnerability, tracked as CVE-2025-49113 , carries a CVSS sco...

WordPress Sweet Dessert < 1.1.13 - PHP Object Injection Vulnerability

PHP Object Injection Vulnerability discovered by Tran Nguyen Bao Khanh VCI - VNPT Cyber Immunity in WordPress Theme Sweet Dessert versions 1.1.13...

CVE-2025-2939

The Ninja Tables – Easy Data Table Builder plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 5.0.18 via deserialization of untrusted input from the argscallback parameter . This makes it possible for unauthenticated attackers to inject a PHP Object...

CVE-2025-2939

The Ninja Tables – Easy Data Table Builder plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 5.0.18 via deserialization of untrusted input from the argscallback parameter . This makes it possible for unauthenticated attackers to inject a PHP Object...

CVE-2025-2939 Ninja Tables – Easy Data Table Builder <= 5.0.18 - Unauthenticated PHP Object Injection to Limited Remote Code Execution

The Ninja Tables – Easy Data Table Builder plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 5.0.18 via deserialization of untrusted input from the argscallback parameter . This makes it possible for unauthenticated attackers to inject a PHP Object...

CVE-2025-2939 Ninja Tables – Easy Data Table Builder <= 5.0.18 - Unauthenticated PHP Object Injection to Limited Remote Code Execution

The Ninja Tables – Easy Data Table Builder plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 5.0.18 via deserialization of untrusted input from the argscallback parameter . This makes it possible for unauthenticated attackers to inject a PHP Object...

CVE-2025-2939

The CVE describes a PHP Object Injection in the WordPress plugin Ninja Tables – Easy Data Table Builder (versions up to and including 5.0.18). The vulnerability arises from deserialization of untrusted input via the args[callback] parameter, enabling unauthenticated attackers to inject a PHP Obje...

WordPress Sweet Dessert Theme < 1.1.13 is vulnerable to PHP Object Injection

Software Sweet Dessert Type Theme Vulnerable versions 1.1.13 Fixed in 1.1.13 OWASP Top 10 A3: Injection Classification PHP Object Injection CVE CVE-2025-49073 Patch priority High CVSS severity High 9.8 Developer Claim ownership PSID 3fb9eef0dd59 Credits Tran Nguyen Bao Khanh VCI - VNPT Cyber...

PT-2025-23564 · WordPress · The Ninja Tables

Name of the Vulnerable Software and Affected Versions: The Ninja Tables – Easy Data Table Builder plugin for WordPress versions up to, and including, 5.0.18 Description: The issue is related to PHP Object Injection via deserialization of untrusted input from the argscallback parameter. This allow...

WordPress FLAP - Business WordPress Theme Theme <= 1.5 is vulnerable to PHP Object Injection

Software FLAP - Business WordPress Theme Type Theme Vulnerable versions = 1.5 Fixed in N/A OWASP Top 10 A3: Injection Classification PHP Object Injection CVE CVE-2025-31396 Patch priority High CVSS severity High 9.8 Developer Claim ownership PSID 7616fcd52be9 Credits Tran Nguyen Bao Khanh VCI -...