WordPress GNUCommerce plugin <= 1.5.4 - PHP Object Injection vulnerability

PHP Object Injection vulnerability discovered by LVT-tholv2k Patchstack Alliance in WordPress Plugin GNUCommerce versions = 1.5.4...

CVE-2025-31612 WordPress CBX Poll plugin <= 2.0.4 - PHP Object Injection vulnerability

Deserialization of Untrusted Data vulnerability in Sabuj Kundu CBX Poll cbxpoll allows Object Injection.This issue affects CBX Poll: from n/a through = 2.0.4...

CVE-2025-30892 WordPress WpTravelly Plugin <= 1.8.7 - PHP Object Injection vulnerability

Deserialization of Untrusted Data vulnerability in magepeopleteam WpTravelly tour-booking-manager allows Object Injection.This issue affects WpTravelly: from n/a through = 1.8.7...

WordPress WpTravelly Plugin <= 1.8.7 - PHP Object Injection vulnerability

PHP Object Injection vulnerability discovered by LVT-tholv2k in WordPress Plugin WpTravelly versions = 1.8.7...

CVE-2025-31087 WordPress Multiple Shipping And Billing Address For Woocommerce <= 1.5 - PHP Object Injection Vulnerability

Deserialization of Untrusted Data vulnerability in silverplugins217 Multiple Shipping And Billing Address For Woocommerce allows Object Injection. This issue affects Multiple Shipping And Billing Address For Woocommerce: from n/a through 1.5...

CVE-2025-31084 WordPress Sunshine Photo Cart plugin <= 3.4.10 - PHP Object Injection Vulnerability

Deserialization of Untrusted Data vulnerability in sunshinephotocart Sunshine Photo Cart sunshine-photo-cart allows Object Injection.This issue affects Sunshine Photo Cart: from n/a through = 3.4.10...

CVE-2025-31074 WordPress MDJM Event Management plugin <= 1.7.5.2 - PHP Object Injection vulnerability

Deserialization of Untrusted Data vulnerability in MDJM Mobile DJ Manager mobile-dj-manager allows Object Injection.This issue affects Mobile DJ Manager: from n/a through = 1.7.5.2...

CVE-2025-31074 WordPress MDJM Event Management plugin <= 1.7.5.2 - PHP Object Injection vulnerability

Deserialization of Untrusted Data vulnerability in MDJM MDJM Event Management allows Object Injection. This issue affects MDJM Event Management: from n/a through 1.7.5.2...

CVE-2025-31084 WordPress Sunshine Photo Cart plugin <= 3.4.10 - PHP Object Injection Vulnerability

Deserialization of Untrusted Data vulnerability in sunshinephotocart Sunshine Photo Cart sunshine-photo-cart allows Object Injection.This issue affects Sunshine Photo Cart: from n/a through = 3.4.10...

CVE-2025-31074

CVE-2025-31074 describes a Deserialization of Untrusted Data vulnerability in the WordPress plugin MDJM Event Management . The issue enables PHP object injection via the plugin’s authenticated path and affects versions listed as up to 1.7.5.2 (the vulnerable range is indicated as from n/a through...

CVE-2025-31084

CVE-2025-31084 : Sunshine Photo Cart is vulnerable to an unauthenticated PHP Object Injection via deserialization of untrusted data in Sunshine Photo Cart

WordPress CBX Poll plugin <= 2.0.4 - PHP Object Injection vulnerability

PHP Object Injection vulnerability discovered by Mika in WordPress Plugin CBX Poll versions = 2.0.4...

CVE-2025-2485

The Drag and Drop Multiple File Upload for Contact Form 7 plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.3.8.7 via deserialization of untrusted input from the 'dnduploadcf7upload' function. This makes it possible for attackers to inject a PHP...

CVE-2025-2332

The Export All Posts, Products, Orders, Refunds & Users plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 2.13 via deserialization of untrusted input in the 'returnMetaValueAsCustomerInput' function. This makes it possible for unauthenticated attacke...

WordPress Sunshine Photo Cart plugin <= 3.4.10 - PHP Object Injection Vulnerability

PHP Object Injection Vulnerability discovered by João Pedro S Alcântara Kinorth in WordPress Plugin Sunshine Photo Cart versions = 3.4.10...

CVE-2025-1913

The Product Import Export for WooCommerce – Import Export Product CSV Suite plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 2.5.0 via deserialization of untrusted input from the 'formdata' parameter This makes it possible for authenticated attacker...

CVE-2024-13889

The WordPress Importer plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 0.8.3 via deserialization of untrusted input in the 'maybeunserialize' function. This makes it possible for authenticated attackers, with Administrator-level access and above, t...

WordPress MDJM Event Management plugin <= 1.7.5.2 - PHP Object Injection vulnerability

PHP Object Injection vulnerability discovered by LVT-tholv2k in WordPress Plugin Mobile DJ Manager versions = 1.7.5.2...

CVE-2025-2485

The Drag and Drop Multiple File Upload for Contact Form 7 plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.3.8.7 via deserialization of untrusted input from the 'dnduploadcf7upload' function. This makes it possible for attackers to inject a PHP...

CVE-2025-2485

The Drag and Drop Multiple File Upload for Contact Form 7 plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.3.8.7 via deserialization of untrusted input from the 'dnduploadcf7upload' function. This makes it possible for attackers to inject a PHP...