WordPress plugin Uncanny Automator 代码问题漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A code issue vulnerability...

PT-2025-21133 · WordPress · Uncanny Automator

Name of the Vulnerable Software and Affected Versions: Uncanny Automator versions up to, and including, 6.4.0.1 Description: The Uncanny Automator plugin for WordPress is vulnerable to PHP Object Injection via deserialization of untrusted input in the automator api decode message function. This...

WordPress Uncanny Automator plugin <= 6.4.0.1 - Authenticated (Subscriber+) PHP Object Injection in automator_api_decode_message Function vulnerability

Authenticated Subscriber+ PHP Object Injection in automatorapidecodemessage Function vulnerability discovered by mikemyers in WordPress Plugin Uncanny Automator versions = 6.4.0.1...

50,000 WordPress Sites Affected by PHP Object Injection Vulnerability in Uncanny Automator WordPress Plugin

In case you missed it, Wordfence just published itsannual WordPress security report for 2024. Read it now to learn more about the evolving risk landscape of WordPress so you can keep your sites protected in 2025 and beyond. On April 26th, 2024, we received a submission for an authenticated PHP...

WordPress WPFunnels plugin <= 3.5.18 - PHP Object Injection Vulnerability

PHP Object Injection Vulnerability discovered by timomangcut in WordPress Plugin WPFunnels versions = 3.5.18...

CVE-2025-0855

The PGS Core plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 5.8.0 via deserialization of untrusted input in the 'importheader' function. This makes it possible for unauthenticated attackers to inject a PHP Object. No known POP chain is present in...

WordPress WP Maintenance plugin <= 6.1.9.7 - PHP Object Injection Vulnerability

PHP Object Injection Vulnerability discovered by Ngo Bui Truong Vu in WordPress Plugin WP Maintenance versions = 6.1.9.7...

WordPress WP-CRM System plugin <= 3.4.5 - PHP Object Injection vulnerability

PHP Object Injection vulnerability discovered by Ngo Bui Truong Vu in WordPress Plugin WP-CRM System versions = 3.4.5...

CVE-2025-47683 WordPress WP Maintenance plugin <= 6.1.9.7 - PHP Object Injection Vulnerability

Deserialization of Untrusted Data vulnerability in Florent Maillefaud WP Maintenance wp-maintenance allows Object Injection.This issue affects WP Maintenance: from n/a through = 6.1.9.7...

CVE-2025-47683 WordPress WP Maintenance <= 6.1.9.7 - PHP Object Injection Vulnerability

Deserialization of Untrusted Data vulnerability in Florent Maillefaud WP Maintenance allows Object Injection. This issue affects WP Maintenance: from n/a through 6.1.9.7...

CVE-2025-47629 WordPress WP-CRM System plugin <= 3.4.5 - PHP Object Injection vulnerability

Deserialization of Untrusted Data vulnerability in Mario Peshev WP-CRM System wp-crm-system allows Object Injection.This issue affects WP-CRM System: from n/a through = 3.4.5...

CVE-2025-47629 WordPress WP-CRM System <= 3.4.1 - PHP Object Injection Vulnerability

Deserialization of Untrusted Data vulnerability in Mario Peshev WP-CRM System allows Object Injection. This issue affects WP-CRM System: from n/a through 3.4.1...

WordPress CoinPayments.net Payment Gateway for WooCommerce plugin <= 1.0.17 - PHP Object Injection Vulnerability

PHP Object Injection Vulnerability discovered by timomangcut in WordPress Plugin CoinPayments.net Payment Gateway for WooCommerce versions = 1.0.17...

WordPress PGS Core plugin <= 5.8.0 - Unauthenticated PHP Object Injection vulnerability

Unauthenticated PHP Object Injection vulnerability discovered by István Márton in WordPress Plugin PGS Core versions = 5.8.0...

CVE-2025-0855

The PGS Core plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 5.8.0 via deserialization of untrusted input in the 'importheader' function. This makes it possible for unauthenticated attackers to inject a PHP Object. No known POP chain is present in...

CVE-2025-0855 PGS Core <= 5.8.0 - Unauthenticated PHP Object Injection

The PGS Core plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 5.8.0 via deserialization of untrusted input in the 'importheader' function. This makes it possible for unauthenticated attackers to inject a PHP Object. No known POP chain is present in...

CVE-2025-0855

CVE-2025-0855 affects the WordPress PGS Core plugin up to and including v5.8.0, enabling unauthenticated PHP Object Injection via deserialization in import_header. Impact ranges from arbitrary file deletion and data exposure to potential code execution if a POP chain exists with another plugin/th...

CVE-2025-0855 PGS Core <= 5.8.0 - Unauthenticated PHP Object Injection

The PGS Core plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 5.8.0 via deserialization of untrusted input in the 'importheader' function. This makes it possible for unauthenticated attackers to inject a PHP Object. No known POP chain is present in...

PT-2025-19871 · WordPress · Pgs Core

Name of the Vulnerable Software and Affected Versions: PGS Core plugin for WordPress versions up to, and including, 5.8.0 Description: The issue concerns PHP Object Injection via deserialization of untrusted input in the import header function, allowing unauthenticated attackers to inject a PHP...

WordPress plugin PGS Core 代码问题漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A code issue...