WordPress TableOn plugin <= 1.0.4.3 - PHP Object Injection vulnerability

PHP Object Injection vulnerability discovered by LVT-tholv2k in WordPress Plugin TableOn versions = 1.0.4.3...

WordPress WpBookingly plugin <= 1.3.0 - PHP Object Injection vulnerability

PHP Object Injection vulnerability discovered by Tran Nguyen Bao Khanh VCI - VNPT Cyber Immunity in WordPress Plugin WpBookingly versions = 1.3.0...

WordPress EmpikPlace for Woocommerce Plugin <= 1.4.3 - PHP Object Injection vulnerability

PHP Object Injection vulnerability discovered by LVT-tholv2k in WordPress Plugin EmpikPlace for Woocommerce versions = 1.4.3...

WordPress Accordion plugin <= 2.3.11 - PHP Object Injection vulnerability

PHP Object Injection vulnerability discovered by LVT-tholv2k in WordPress Plugin Accordion versions = 2.3.11...

WordPress Job Board Manager Plugin <= 2.1.61 - PHP Object Injection vulnerability

PHP Object Injection vulnerability discovered by LVT-tholv2k in WordPress Plugin Job Board Manager versions = 2.1.61...

WordPress WpEvently plugin <= 4.3.6 - PHP Object Injection vulnerability

PHP Object Injection vulnerability discovered by LVT-tholv2k in WordPress Plugin WpEvently versions = 4.3.6...

📄 UNA CMS 14.0.0-RC4 PHP Object Injection

UNA CMS versions 14.0.0-RC4 and below suffer from a PHP object injection vulnerability in BxBaseMenuSetAclLevel.php. ------------------------------------------------------------------------------------ UNA CMS = 14.0.0-RC4 BxBaseMenuSetAclLevel.php PHP Object Injection Vulnerability...

UNA CMS 14.0.0-RC - PHP Object Injection

Exploit Title: UNA CMS = 14.0.0-RC4 BxBaseMenuSetAclLevel.php PHP Object Injection Vulnerability Author: Egidio Romano aka EgiX Software link.......: https://unacms.com - Software Links: https://unacms.com https://github.com/unacms/una - Affected Versions: All versions from 9.0.0-RC1 to 14.0.0-RC...

CVE-2025-2244

A vulnerability in the sendMailFromRemoteSource method in Emails.php as used in Bitdefender GravityZone Console unsafely uses php unserialize on user-supplied input without validation. By crafting a malicious serialized payload, an attacker can trigger PHP object injection, perform a file write,...

CVE-2024-13645

The tagDiv Composer plugin for WordPress is vulnerable to PHP Object Instantiation in all versions up to, and including, 5.3 via module parameter. This makes it possible for unauthenticated attackers to Instantiate a PHP Object. No known POP chain is present in the vulnerable software, which mean...

CVE-2025-2244

A vulnerability in the sendMailFromRemoteSource method in Emails.php as used in Bitdefender GravityZone Console unsafely uses php unserialize on user-supplied input without validation. By crafting a malicious serialized payload, an attacker can trigger PHP object injection, perform a file write,...

CVE-2024-13645

The tagDiv Composer plugin for WordPress is vulnerable to PHP Object Instantiation in all versions up to, and including, 5.3 via module parameter. This makes it possible for unauthenticated attackers to Instantiate a PHP Object. No known POP chain is present in the vulnerable software, which mean...

CVE-2024-13645 TagDiv Composer <= 5.3 - Unauthenticated Arbitrary PHP Object Instantiation

The tagDiv Composer plugin for WordPress is vulnerable to PHP Object Instantiation in all versions up to, and including, 5.3 via module parameter. This makes it possible for unauthenticated attackers to Instantiate a PHP Object. No known POP chain is present in the vulnerable software, which mean...

CVE-2024-13645 TagDiv Composer <= 5.3 - Unauthenticated Arbitrary PHP Object Instantiation

The tagDiv Composer plugin for WordPress is vulnerable to PHP Object Instantiation in all versions up to, and including, 5.3 via module parameter. This makes it possible for unauthenticated attackers to Instantiate a PHP Object. No known POP chain is present in the vulnerable software, which mean...

CVE-2024-13645

CVE-2024-13645 affects the WordPress tagging plugin TagDiv Composer (all versions up to and including 5.3). It describes PHP Object Instantiation via a module parameter, enabling unauthenticated object instantiation. The impact is conditional on a POP chain being present in the target environment...

WordPress plugin tagDiv Composer 代码注入漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A code injection...

WordPress TagDiv Composer plugin <= 5.3 - Unauthenticated Arbitrary PHP Object Instantiation vulnerability

Unauthenticated Arbitrary PHP Object Instantiation vulnerability discovered by mikemyers in WordPress Plugin tagDiv Composer versions = 5.3...

CVE-2025-30889 WordPress Testimonial Slider plugin <= 2.0.13 - PHP Object Injection vulnerability

Deserialization of Untrusted Data vulnerability in PickPlugins Testimonial Slider testimonial allows Object Injection.This issue affects Testimonial Slider: from n/a through = 2.0.13...

CVE-2025-30889 WordPress Testimonial Slider plugin <= 2.0.13 - PHP Object Injection vulnerability

Deserialization of Untrusted Data vulnerability in PickPlugins Testimonial Slider testimonial allows Object Injection.This issue affects Testimonial Slider: from n/a through = 2.0.13...

WordPress Testimonial Slider plugin <= 2.0.13 - PHP Object Injection vulnerability

PHP Object Injection vulnerability discovered by LVT-tholv2k in WordPress Plugin Testimonial Slider versions = 2.0.13...