3726 matches found
WordPress FoodBakery plugin <= 3.3 - PHP Object Injection vulnerability
PHP Object Injection vulnerability discovered by Bonds Patchstack Alliance in WordPress Plugin FoodBakery versions = 3.3...
WordPress Grand Restaurant WordPress Theme <= 7.0 is vulnerable to PHP Object Injection
Software Grand Restaurant WordPress Type Theme Vulnerable versions = 7.0 Fixed in N/A OWASP Top 10 A3: Injection Classification PHP Object Injection CVE CVE-2025-39348 Patch priority High CVSS severity High 9.8 Developer EPC PSID c0bb2279949a Credits Ananda Dhakal Patchstack Required privilege...
WordPress CiyaShop Theme <= 4.18.0 is vulnerable to PHP Object Injection
Software CiyaShop Type Theme Vulnerable versions = 4.18.0 Fixed in N/A OWASP Top 10 A3: Injection Classification PHP Object Injection CVE CVE-2025-39349 Patch priority High CVSS severity High 9.8 Developer Claim ownership PSID 68a2f2e9e8f8 Credits Bonds Required privilege Unauthenticated Publishe...
WordPress Altair Theme <= 5.2.2 is vulnerable to PHP Object Injection
Software Altair Type Theme Vulnerable versions = 5.2.2 Fixed in N/A OWASP Top 10 A3: Injection Classification PHP Object Injection CVE CVE-2025-32928 Patch priority High CVSS severity High 9.8 Developer Claim ownership PSID 644e001022df Credits Bonds Required privilege Unauthenticated Published 2...
CVE-2025-27286 WordPress Saoshyant Slider Plugin <= 3.0 - PHP Object Injection vulnerability
Deserialization of Untrusted Data vulnerability in saoshyant1994 Saoshyant Slider saoshyant-slider allows Object Injection.This issue affects Saoshyant Slider: from n/a through = 3.0...
CVE-2025-27286
CVE-2025-27286 is a WordPress plugin vulnerability in Saoshyant Slider (versions
CVE-2025-27287 WordPress SS Quiz Plugin <= 2.0.5 - PHP Object Injection vulnerability
Deserialization of Untrusted Data vulnerability in ssvadim SS Quiz ssquiz allows Object Injection.This issue affects SS Quiz: from n/a through = 2.0.5...
CVE-2025-27287 WordPress SS Quiz Plugin <= 2.0.5 - PHP Object Injection vulnerability
Deserialization of Untrusted Data vulnerability in ssvadim SS Quiz ssquiz allows Object Injection.This issue affects SS Quiz: from n/a through = 2.0.5...
CVE-2025-32571 WordPress TuriTop Booking System Plugin <= 1.0.10 - PHP Object Injection vulnerability
Deserialization of Untrusted Data vulnerability in TuriTop TuriTop Booking System turitop-booking-system allows Object Injection.This issue affects TuriTop Booking System: from n/a through = 1.0.10...
CVE-2025-32572 WordPress Kata Plus Plugin <= 1.5.3 - PHP Object Injection vulnerability
Deserialization of Untrusted Data vulnerability in Climax Themes Kata Plus kata-plus allows Object Injection.This issue affects Kata Plus: from n/a through = 1.5.3...
CVE-2025-32572 WordPress Kata Plus Plugin <= 1.5.2 - PHP Object Injection vulnerability
Deserialization of Untrusted Data vulnerability in Climax Themes Kata Plus allows Object Injection. This issue affects Kata Plus: from n/a through 1.5.2...
CVE-2025-32572
CVE-2025-32572 is a PHP object injection flaw caused by deserialization of untrusted data in the Kata Plus WordPress plugin family (Kata Plus – Addons for Elementor – Widgets, Extensions and Templates). Affected versions range up to 1.5.2 (with CVE entries tracking up to 1.5.3 per Patchstack/Word...
CVE-2025-32647 WordPress Question Answer Plugin <= 1.2.70 - PHP Object Injection vulnerability
Deserialization of Untrusted Data vulnerability in PickPlugins Question Answer allows Object Injection. This issue affects Question Answer: from n/a through 1.2.70...
CVE-2025-32658 WordPress HelpGent plugin <= 2.2.4 - PHP Object Injection vulnerability
Deserialization of Untrusted Data vulnerability in wpWax HelpGent allows Object Injection. This issue affects HelpGent: from n/a through 2.2.4...
CVE-2025-32686 WordPress Team Members plugin <= 3.4.4 - PHP Object Injection Vulnerability
Deserialization of Untrusted Data vulnerability in WPSpeedo Team Members wps-team allows Object Injection.This issue affects Team Members: from n/a through = 3.4.4...
CVE-2025-32686 WordPress Team Members plugin <= 3.4.4 - PHP Object Injection Vulnerability
Deserialization of Untrusted Data vulnerability in WPSpeedo Team Members wps-team allows Object Injection.This issue affects Team Members: from n/a through = 3.4.4...
CVE-2025-32686
CVE-2025-32686: Deserialization of untrusted data leading to PHP object injection in the WP Speedo Team Members plugin. Affected software: Team Members versions up to 3.4.0 (n/a through 3.4.0). Impact is described as Deserialization of Untrusted Data enabling Object Injection; CVSSv3.1 base score...
CVE-2025-39527 WordPress Rating by BestWebSoft plugin <= 1.7 - PHP Object Injection Vulnerability
Deserialization of Untrusted Data vulnerability in bestweblayout Rating by BestWebSoft rating-bws allows Object Injection.This issue affects Rating by BestWebSoft: from n/a through = 1.7...
CVE-2025-39550
CVE-2025-39550 is a vulnerability in FluentCommunity (Shahjahan Jewel WordPress plugin) caused by deserialization of untrusted data leading to unauthenticated PHP object injection. Affected versions are FluentCommunity
CVE-2025-39550 WordPress FluentCommunity <= 1.2.15 - PHP Object Injection Vulnerability
Deserialization of Untrusted Data vulnerability in Shahjahan Jewel FluentCommunity allows Object Injection. This issue affects FluentCommunity: from n/a through 1.2.15...