CVE-2025-39410 WordPress Smart Sections Theme Builder - WPBakery Page Builder Addon plugin <= 1.7.8 - PHP Object Injection vulnerability

Deserialization of Untrusted Data vulnerability in themegusta Smart Sections Theme Builder - WPBakery Page Builder Addon.This issue affects Smart Sections Theme Builder - WPBakery Page Builder Addon: from n/a through 1.7.8...

CVE-2025-47582 WordPress WPBot Pro Wordpress Chatbot <= 12.7.0 - PHP Object Injection Vulnerability

Deserialization of Untrusted Data vulnerability in QuantumCloud WPBot Pro Wordpress Chatbot allows Object Injection.This issue affects WPBot Pro Wordpress Chatbot: from n/a through 12.7.0...

CVE-2025-47582 WordPress WPBot Pro Wordpress Chatbot <= 12.7.0 - PHP Object Injection Vulnerability

Deserialization of Untrusted Data vulnerability in QuantumCloud WPBot Pro Wordpress Chatbot allows Object Injection.This issue affects WPBot Pro Wordpress Chatbot: from n/a through 12.7.0...

WordPress HotStar – Multi-Purpose Business Theme <= 1.4 - PHP Object Injection Vulnerability

PHP Object Injection Vulnerability discovered by Tran Nguyen Bao Khanh VCI - VNPT Cyber Immunity in WordPress Theme HotStar – Multi-Purpose Business Theme versions = 1.4...

WordPress WP User Manager plugin <= 2.9.12 - PHP Object Injection vulnerability

PHP Object Injection vulnerability discovered by Nguyen Ngoc Quang Bach maysbachs in WordPress Plugin WP User Manager versions = 2.9.12...

WordPress Jarvis – Night Club, Concert, Festival WordPress Theme <= 1.8.11 is vulnerable to PHP Object Injection

Software Jarvis – Night Club, Concert, Festival WordPress Type Theme Vulnerable versions = 1.8.11 Fixed in N/A OWASP Top 10 A3: Injection Classification PHP Object Injection CVE CVE-2025-32292 Patch priority High CVSS severity High 9.8 Developer Claim ownership PSID 4d7f3fe39572 Credits Tran Nguy...

WordPress HotStar – Multi-Purpose Business Theme Theme <= 1.4 is vulnerable to PHP Object Injection

Software HotStar – Multi-Purpose Business Theme Type Theme Vulnerable versions = 1.4 Fixed in N/A OWASP Top 10 A3: Injection Classification PHP Object Injection CVE CVE-2025-31069 Patch priority High CVSS severity High 9.8 Developer Claim ownership PSID 5302a6861163 Credits Tran Nguyen Bao Khanh...

WordPress The Business Theme <= 1.6.1 is vulnerable to PHP Object Injection

Software The Business Type Theme Vulnerable versions = 1.6.1 Fixed in N/A OWASP Top 10 A3: Injection Classification PHP Object Injection CVE CVE-2025-31430 Patch priority High CVSS severity High 9.8 Developer Claim ownership PSID 6b1df0573f1a Credits Tran Nguyen Bao Khanh VCI - VNPT Cyber Immunit...

WordPress Dash Theme <= 1.3 is vulnerable to PHP Object Injection

Software Dash Type Theme Vulnerable versions = 1.3 Fixed in N/A OWASP Top 10 A3: Injection Classification PHP Object Injection CVE CVE-2025-31049 Patch priority High CVSS severity High 9.8 Developer Claim ownership PSID a29d6b30b587 Credits Tran Nguyen Bao Khanh VCI - VNPT Cyber Immunity Required...

CVE-2025-48134 WordPress WP Tabs plugin <= 2.2.12 - PHP Object Injection Vulnerability

Deserialization of Untrusted Data vulnerability in ShapedPlugin LLC WP Tabs wp-expand-tabs-free allows Object Injection.This issue affects WP Tabs: from n/a through = 2.2.12...

WordPress WP Tabs plugin <= 2.2.12 - PHP Object Injection Vulnerability

PHP Object Injection Vulnerability discovered by Nguyen Ngoc Quang Bach maysbachs in WordPress Plugin WP Tabs versions = 2.2.12...

WordPress WordPress Events Calendar Registration & Tickets plugin <= 2.6.0 - PHP Object Injection vulnerability

PHP Object Injection vulnerability discovered by Bonds Patchstack Alliance in WordPress Plugin WordPress Events Calendar Registration & Tickets versions = 2.6.0...

WordPress WC Affiliate plugin <= 2.16 - PHP Object Injection vulnerability

PHP Object Injection vulnerability discovered by Martino Spagnuolo r3verii in WordPress Plugin WC Affiliate versions = 2.16...

CVE-2025-3623

The Uncanny Automator plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 6.4.0.1 via deserialization of untrusted input in the automatorapidecodemessage function. This makes it possible for unauthenticated to inject a PHP Object. The additional presen...

WordPress WPBot Pro Wordpress Chatbot <= 12.7.0 - PHP Object Injection Vulnerability

PHP Object Injection Vulnerability discovered by Tran Nguyen Bao KhanhVCI - VNPT in WordPress Plugin WPBot Pro Wordpress Chatbot versions = 12.7.0...

CVE-2025-3623

The Uncanny Automator plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 6.4.0.1 via deserialization of untrusted input in the automatorapidecodemessage function. This makes it possible for unauthenticated to inject a PHP Object. The additional presen...

CVE-2025-3623

The Uncanny Automator plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 6.4.0.1 via deserialization of untrusted input in the automatorapidecodemessage function. This makes it possible for unauthenticated to inject a PHP Object. The additional presen...

CVE-2025-3623

CVE-2025-3623 : In Uncanny Automator for WordPress (

CVE-2025-3623 Uncanny Automator <= 6.4.0.1 - Unauthenticated PHP Object Injection in automator_api_decode_message Function

The Uncanny Automator plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 6.4.0.1 via deserialization of untrusted input in the automatorapidecodemessage function. This makes it possible for unauthenticated to inject a PHP Object. The additional presen...

CVE-2025-3623 Uncanny Automator <= 6.4.0.1 - Unauthenticated PHP Object Injection in automator_api_decode_message Function

The Uncanny Automator plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 6.4.0.1 via deserialization of untrusted input in the automatorapidecodemessage function. This makes it possible for unauthenticated to inject a PHP Object. The additional presen...