CVE-2025-39495 WordPress Avantage Theme <= 2.4.9 - PHP Object Injection vulnerability

Deserialization of Untrusted Data vulnerability in BoldThemes Avantage avantage allows Object Injection.This issue affects Avantage: from n/a through = 2.4.9...

CVE-2025-39500 WordPress Goodlayers Hostel Plugin <= 3.1.2 - PHP Object Injection vulnerability

Deserialization of Untrusted Data vulnerability in GoodLayers Goodlayers Hostel gdlr-hostel allows Object Injection.This issue affects Goodlayers Hostel: from n/a through = 3.1.2...

CVE-2025-39500 WordPress Goodlayers Hostel Plugin <= 3.1.2 - PHP Object Injection vulnerability

Deserialization of Untrusted Data vulnerability in GoodLayers Goodlayers Hostel gdlr-hostel allows Object Injection.This issue affects Goodlayers Hostel: from n/a through = 3.1.2...

CVE-2025-39503 WordPress Goodlayers Hotel plugin <= 3.1.4 - PHP Object Injection vulnerability

Deserialization of Untrusted Data vulnerability in GoodLayers Goodlayers Hotel allows Object Injection. This issue affects Goodlayers Hotel: from n/a through 3.1.4...

CVE-2025-47530 WordPress WPFunnels plugin <= 3.5.18 - PHP Object Injection Vulnerability

Deserialization of Untrusted Data vulnerability in WPFunnels WPFunnels wpfunnels allows Object Injection.This issue affects WPFunnels: from n/a through = 3.5.18...

CVE-2025-47532 WordPress CoinPayments.net Payment Gateway for WooCommerce plugin <= 1.0.17 - PHP Object Injection Vulnerability

Deserialization of Untrusted Data vulnerability in CoinPayments CoinPayments.net Payment Gateway for WooCommerce coinpayments-payment-gateway-for-woocommerce allows Object Injection.This issue affects CoinPayments.net Payment Gateway for WooCommerce: from n/a through = 1.0.17...

CVE-2025-47532 WordPress CoinPayments.net Payment Gateway for WooCommerce plugin <= 1.0.17 - PHP Object Injection Vulnerability

Deserialization of Untrusted Data vulnerability in CoinPayments CoinPayments.net Payment Gateway for WooCommerce coinpayments-payment-gateway-for-woocommerce allows Object Injection.This issue affects CoinPayments.net Payment Gateway for WooCommerce: from n/a through = 1.0.17...

CVE-2025-47530 WordPress WPFunnels <= 3.5.18 - PHP Object Injection Vulnerability

Deserialization of Untrusted Data vulnerability in WPFunnels WPFunnels allows Object Injection. This issue affects WPFunnels: from n/a through 3.5.18...

CVE-2025-47568 WordPress ZoomSounds plugin <= 6.91 - PHP Object Injection vulnerability

Deserialization of Untrusted Data vulnerability in ZoomIt ZoomSounds allows Object Injection. This issue affects ZoomSounds: from n/a through 6.91...

CVE-2025-47568 WordPress ZoomSounds plugin <= 6.91 - PHP Object Injection vulnerability

Deserialization of Untrusted Data vulnerability in ZoomIt ZoomSounds dzs-zoomsounds allows Object Injection.This issue affects ZoomSounds: from n/a through = 6.91...

CVE-2025-47660 WordPress WC Affiliate plugin <= 2.16 - PHP Object Injection vulnerability

Deserialization of Untrusted Data vulnerability in Codexpert, Inc WC Affiliate wc-affiliate allows Object Injection.This issue affects WC Affiliate: from n/a through = 2.16...

CVE-2025-47660 WordPress WC Affiliate plugin <= 2.16 - PHP Object Injection vulnerability

Deserialization of Untrusted Data vulnerability in Codexpert, Inc WC Affiliate wc-affiliate allows Object Injection.This issue affects WC Affiliate: from n/a through = 2.16...

CVE-2025-48287 WordPress Pix 4x sem juros - Pagaleve plugin <= 1.6.9 - PHP Object Injection Vulnerability

Deserialization of Untrusted Data vulnerability in Pagaleve Pix 4x sem juros - Pagaleve wc-pagaleve allows Object Injection.This issue affects Pix 4x sem juros - Pagaleve: from n/a through = 1.6.9...

CVE-2025-48289 WordPress Kids Planet <= 2.2.14 - PHP Object Injection Vulnerability

Deserialization of Untrusted Data vulnerability in AncoraThemes Kids Planet allows Object Injection. This issue affects Kids Planet: from n/a through 2.2.14...

CVE-2024-1858

The Lightbox slider – Responsive Lightbox Gallery plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.9.9 via deserialization of untrusted input through post meta data. This makes it possible for authenticated attackers, with contributor-level access...

CVE-2025-4803

The Glossary by WPPedia – Best Glossary plugin for WordPress plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.3.0 via deserialization of untrusted input from the 'posttypes' parameter. This makes it possible for authenticated attackers, with...

CVE-2024-3591

The Geo Controller WordPress plugin before 8.6.5 unserializes user input via some of its AJAX actions and REST API routes, which could allow unauthenticated users to perform PHP Object Injection when a suitable gadget is present on the blog...

CVE-2023-0232

The ShopLentor WordPress plugin before 2.5.4 unserializes user input from cookies in order to track viewed products and user data, which could lead to PHP Object Injection...

CVE-2023-1405

The Formidable Forms WordPress plugin before 6.2 unserializes user input, which could allow anonymous users to perform PHP Object Injection when a suitable gadget is present...

CVE-2023-6049

The Estatik Real Estate Plugin WordPress plugin before 4.1.1 unserializes user input via some of its cookies, which could allow unauthenticated users to perform PHP Object Injection when a suitable gadget chain is present on the blog...