CVE-2025-2485 Drag and Drop Multiple File Upload for Contact Form 7 <= 1.3.8.7 - Unauthenticated PHP Object Injection via PHAR to Arbitrary File Deletion

The Drag and Drop Multiple File Upload for Contact Form 7 plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.3.8.7 via deserialization of untrusted input from the 'dnduploadcf7upload' function. This makes it possible for attackers to inject a PHP...

CVE-2025-2485

CVE-2025-2485 affects WordPress plugin Drag and Drop Multiple File Upload for Contact Form 7 (versions

CVE-2025-2485 Drag and Drop Multiple File Upload for Contact Form 7 <= 1.3.8.7 - Unauthenticated PHP Object Injection via PHAR to Arbitrary File Deletion

The Drag and Drop Multiple File Upload for Contact Form 7 plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.3.8.7 via deserialization of untrusted input from the 'dnduploadcf7upload' function. This makes it possible for attackers to inject a PHP...

WordPress plugin Drag and Drop Multiple File Upload for Contact Form 代码问题漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed in the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A code issue vulnerability exists in the...

CVE-2025-26873 WordPress Traveler theme <= 3.1.8 - PHP Object Injection vulnerability

Deserialization of Untrusted Data vulnerability in shinetheme Traveler traveler.This issue affects Traveler: from n/a through 3.2.1...

CVE-2025-26873 WordPress Traveler theme <= 3.1.8 - PHP Object Injection vulnerability

Deserialization of Untrusted Data vulnerability in shinetheme Traveler traveler.This issue affects Traveler: from n/a through 3.2.1...

WordPress Rapyd Payment Extension for WooCommerce plugin <= 1.2.0 - PHP Object Injection Vulnerability

PHP Object Injection Vulnerability discovered by astra.r3verii in WordPress Plugin Rapyd Payment Extension for WooCommerce versions = 1.2.0...

WordPress WpEvently Plugin <= 4.2.9 - PHP Object Injection vulnerability

PHP Object Injection vulnerability discovered by LVT-tholv2k in WordPress Plugin WpEvently versions = 4.2.9...

CVE-2025-30895 WordPress WpEvently Plugin <= 4.2.9 - PHP Object Injection vulnerability

Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability in magepeopleteam WpEvently mage-eventpress allows PHP Local File Inclusion.This issue affects WpEvently: from n/a through = 4.2.9...

CVE-2025-30773 WordPress TranslatePress plugin <= 2.9.6 - PHP Object Injection Vulnerability

Deserialization of Untrusted Data vulnerability in Cozmoslabs TranslatePress translatepress-multilingual allows Object Injection.This issue affects TranslatePress: from n/a through = 2.9.6...

WordPress Traveler theme <= 3.1.8 - PHP Object Injection vulnerability

PHP Object Injection vulnerability discovered by Rafie Muhammad Patchstack in WordPress Theme Traveler versions 3.2.1...

CVE-2025-2332

The Export All Posts, Products, Orders, Refunds & Users plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 2.13 via deserialization of untrusted input in the 'returnMetaValueAsCustomerInput' function. This makes it possible for unauthenticated attacke...

CVE-2025-2332 Export All Posts, Products, Orders, Refunds & Users <= 2.13 - Unauthenticated PHP Object Injection

The Export All Posts, Products, Orders, Refunds & Users plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 2.13 via deserialization of untrusted input in the 'returnMetaValueAsCustomerInput' function. This makes it possible for unauthenticated attacke...

CVE-2025-2332

CVE-2025-2332 affects the WordPress plugin Export All Posts, Products, Orders, Refunds & Users. It allows unauthenticated PHP Object Injection via deserialization in returnMetaValueAsCustomerInput, with impact only if a POP chain exists in a second plugin/theme. Affected versions go up to 2.13; p...

CVE-2025-2332 Export All Posts, Products, Orders, Refunds & Users <= 2.13 - Unauthenticated PHP Object Injection

The Export All Posts, Products, Orders, Refunds & Users plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 2.13 via deserialization of untrusted input in the 'returnMetaValueAsCustomerInput' function. This makes it possible for unauthenticated attacke...

WordPress TranslatePress plugin <= 2.9.6 - PHP Object Injection Vulnerability

PHP Object Injection Vulnerability discovered by Ananda Dhakal Patchstack in WordPress Plugin TranslatePress versions = 2.9.6...

VulnCheck KEV: CVE-2024-8353

The GiveWP – Donation Plugin and Fundraising Platform plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 3.16.1 via deserialization of untrusted input via several parameters like 'givetitle' and 'cardaddress'. This makes it possible for...

PT-2025-13033 · WordPress · Export All Posts

Name of the Vulnerable Software and Affected Versions: Export All Posts, Products, Orders, Refunds & Users plugin for WordPress versions up to, and including, 2.13 Description: The issue is related to PHP Object Injection via deserialization of untrusted input in the returnMetaValueAsCustomerInpu...

WordPress Export All Posts, Products, Orders, Refunds & Users plugin <= 2.13 - Unauthenticated PHP Object Injection vulnerability

Unauthenticated PHP Object Injection vulnerability discovered by Webbernaut in WordPress Plugin WP Ultimate Exporter versions = 2.13...

CVE-2025-1913

The Product Import Export for WooCommerce – Import Export Product CSV Suite plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 2.5.0 via deserialization of untrusted input from the 'formdata' parameter This makes it possible for authenticated attacker...