CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

3726 matches found

Patchstack•added 2025/04/11 6:11 p.m.•10 views

WordPress Everest Forms plugin <= 3.1.1 - Unauthenticated PHP Object Injection vulnerability

Unauthenticated PHP Object Injection vulnerability discovered by kuaile in WordPress Plugin Everest Forms versions = 3.1.1...

9.8CVSS9.1AI score0.01096EPSS

Exploits0References1Affected Software1

OSV•added 2025/04/11 1:15 p.m.•7 views

CVE-2025-3439

The Everest Forms – Contact Form, Quiz, Survey, Newsletter & Payment Form Builder for WordPress plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 3.1.1 via deserialization of untrusted input from the 'fieldvalue' parameter. This makes it possible for...

9.8CVSS7.4AI score

Exploits0References3

NVD•added 2025/04/11 1:15 p.m.•35 views

CVE-2025-3439

9.8CVSS0.01096EPSS

Exploits0References3

Vulnrichment•added 2025/04/11 12:42 p.m.•15 views

CVE-2025-3439 Everest Forms – Contact Form, Quiz, Survey, Newsletter & Payment Form Builder for WordPress <= 3.1.1 - Unauthenticated PHP Object Injection

9.8CVSS7.5AI score0.01096EPSS

Exploits0References3

CVE•added 2025/04/11 12:42 p.m.•141 views

CVE-2025-3439

The CVE-2025-3439 entry describes a PHP Object Injection in Everest Forms for WordPress up to version 3.1.1, achieved via deserialization of untrusted input in the field_value parameter. Attackers can inject a PHP object, but impact depends on whether a POP (object payload) chain exists in anothe...

9.8CVSS9.7AI score0.01096EPSS

Exploits0References3Affected Software1

Cvelist•added 2025/04/11 12:42 p.m.•30 views

CVE-2025-3439 Everest Forms – Contact Form, Quiz, Survey, Newsletter & Payment Form Builder for WordPress <= 3.1.1 - Unauthenticated PHP Object Injection

9.8CVSS0.01096EPSS

Exploits0References3

Vulnrichment•added 2025/04/11 8:42 a.m.•4 views

CVE-2025-32607 WordPress WpBookingly plugin <= 1.2.0 - PHP Object Injection vulnerability

Deserialization of Untrusted Data vulnerability in magepeopleteam WpBookingly allows Object Injection. This issue affects WpBookingly: from n/a through 1.2.0...

9.8CVSS6.9AI score0.00718EPSS

Exploits0References1

CVE•added 2025/04/11 8:42 a.m.•57 views

CVE-2025-32607

CVE-2025-32607 describes a Deserialization of Untrusted Data vulnerability (PHP object injection) in the WordPress plugin WpBookingly (Service Booking & Scheduling Solution). Affected versions:

9.8CVSS7.2AI score0.00718EPSS

Exploits0References1

Vulnrichment•added 2025/04/11 8:42 a.m.•4 views

CVE-2025-32569 WordPress TableOn plugin <= 1.0.4.3 - PHP Object Injection vulnerability

Deserialization of Untrusted Data vulnerability in RealMag777 TableOn posts-table-filterable allows Object Injection.This issue affects TableOn: from n/a through = 1.0.4.3...

9.8CVSS8.6AI score0.00719EPSS

Exploits0References1

Cvelist•added 2025/04/11 8:42 a.m.•20 views

CVE-2025-32569 WordPress TableOn plugin <= 1.0.4.3 - PHP Object Injection vulnerability

Deserialization of Untrusted Data vulnerability in RealMag777 TableOn posts-table-filterable allows Object Injection.This issue affects TableOn: from n/a through = 1.0.4.3...

9.8CVSS0.00719EPSS

Exploits0References1

CVE•added 2025/04/11 8:42 a.m.•60 views

CVE-2025-32569

CVE-2025-32569 affects TableOn – WordPress Posts Table Filterable (TableOn)

9.8CVSS7.2AI score0.00719EPSS

Exploits0References1

Cvelist•added 2025/04/11 8:42 a.m.•17 views

CVE-2025-32568 WordPress EmpikPlace for Woocommerce Plugin <= 1.4.3 - PHP Object Injection vulnerability

Deserialization of Untrusted Data vulnerability in empik EmpikPlace for Woocommerce empik-for-woocommerce allows Object Injection.This issue affects EmpikPlace for Woocommerce: from n/a through = 1.4.3...

9.8CVSS0.00719EPSS

Exploits0References1

CVE•added 2025/04/11 8:42 a.m.•58 views

CVE-2025-32568

CVE-2025-32568: EmpikPlace for Woocommerce suffers authenticated PHP Object Injection via deserialization (deserialization of untrusted data). Affected: EmpikPlace for Woocommerce versions up to 1.4.2 (and up to 1.4.3 per Wordfence), with the issue exploitable by authenticated subscribers. Impact...

9.8CVSS7.2AI score0.00719EPSS

Exploits0References1

Cvelist•added 2025/04/11 8:42 a.m.•20 views

CVE-2025-32144 WordPress Job Board Manager Plugin <= 2.1.61 - PHP Object Injection vulnerability

Deserialization of Untrusted Data vulnerability in PickPlugins Job Board Manager job-board-manager allows Object Injection.This issue affects Job Board Manager: from n/a through = 2.1.61...

8.8CVSS0.00832EPSS

Exploits0References1

Vulnrichment•added 2025/04/11 8:42 a.m.•5 views

CVE-2025-32144 WordPress Job Board Manager Plugin <= 2.1.60 - PHP Object Injection vulnerability

Deserialization of Untrusted Data vulnerability in PickPlugins Job Board Manager allows Object Injection. This issue affects Job Board Manager: from n/a through 2.1.60...

8.8CVSS8.7AI score0.00832EPSS

Exploits0References1

Vulnrichment•added 2025/04/11 8:42 a.m.•7 views

CVE-2025-32143 WordPress Accordion plugin <= 2.3.10 - PHP Object Injection vulnerability

Deserialization of Untrusted Data vulnerability in PickPlugins Accordion allows Object Injection. This issue affects Accordion: from n/a through 2.3.10...

8.8CVSS6.9AI score0.00832EPSS

Exploits0References1

CVE•added 2025/04/11 8:42 a.m.•49 views

CVE-2025-32144

CVE-2025-32144 – Job Board Manager (WordPress) PHP Object Injection : Authenticated PHP Object Injection via deserialization of untrusted data in PickPlugins Job Board Manager. Affected: Job Board Manager

8.8CVSS7.2AI score0.00832EPSS

Exploits0References1

CVE•added 2025/04/11 8:42 a.m.•50 views

CVE-2025-32143

CVE-2025-32143 affects the Accordion plugin for WordPress (PickPlugins Accordion). It is a Deserialization of Untrusted Data vulnerability leading to PHP Object Injection. The advisory covers Accordion versions from 2.0 up to 2.3.10 (n/a through 2.3.10). The CVSS v3.1 base score is 8.8 (High) wit...

8.8CVSS7.2AI score0.00832EPSS

Exploits0References1

Cvelist•added 2025/04/10 8:9 a.m.•13 views

CVE-2025-32145 WordPress WpEvently plugin <= 4.3.6 - PHP Object Injection vulnerability

Deserialization of Untrusted Data vulnerability in magepeopleteam WpEvently mage-eventpress allows Object Injection.This issue affects WpEvently: from n/a through = 4.3.6...

8.8CVSS0.00384EPSS

Exploits0References1

Vulnrichment•added 2025/04/10 8:9 a.m.•7 views

CVE-2025-32145 WordPress WpEvently plugin <= 4.3.5 - PHP Object Injection vulnerability

Deserialization of Untrusted Data vulnerability in magepeopleteam WpEvently allows Object Injection. This issue affects WpEvently: from n/a through 4.3.5...

8.8CVSS6.9AI score0.00384EPSS

Exploits0References1

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by