3726 matches found
CVE-2025-0724
The ProfileGrid – User Profiles, Groups and Communities plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 5.9.4.5 via deserialization of untrusted input in the getusermetafieldshtml function. This makes it possible for authenticated attackers, with...
CVE-2025-0724 ProfileGrid – User Profiles, Groups and Communities <= 5.9.4.5 - Authenticated (Subscriber+) PHP Object Injection
The ProfileGrid – User Profiles, Groups and Communities plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 5.9.4.5 via deserialization of untrusted input in the getusermetafieldshtml function. This makes it possible for authenticated attackers, with...
CVE-2025-0724 ProfileGrid – User Profiles, Groups and Communities <= 5.9.4.5 - Authenticated (Subscriber+) PHP Object Injection
The ProfileGrid – User Profiles, Groups and Communities plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 5.9.4.5 via deserialization of untrusted input in the getusermetafieldshtml function. This makes it possible for authenticated attackers, with...
CVE-2025-0724
The CVE-2025-0724 entry concerns the ProfileGrid – User Profiles, Groups and Communities WordPress plugin. Affected: ProfileGrid versions up to and including 5.9.4.5. Vulnerability type: PHP Object Injection via deserialization of untrusted input in get_user_meta_fields_html. Impact: potential to...
PT-2025-12478 · WordPress · Export/Import Users/Customers
Name of the Vulnerable Software and Affected Versions: Export and Import Users and Customers plugin for WordPress versions up to, and including, 2.6.2 Description: The issue is related to PHP Object Injection via deserialization of untrusted input from the form data parameter. This allows...
CVE-2024-13410
The CozyStay and TinySalt plugins for WordPress are vulnerable to PHP Object Injection in all versions up to, and including, 1.7.0, and in all versions up to, and including 3.9.0, respectively, via deserialization of untrusted input in the 'ajaxhandler' function. This makes it possible for...
CVE-2024-13921
The Order Export & Order Import for WooCommerce plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 2.6.0 via deserialization of untrusted input from the 'formdata' parameter. This makes it possible for authenticated attackers, with Administrator-level...
CVE-2024-13921
The Order Export & Order Import for WooCommerce plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 2.6.0 via deserialization of untrusted input from the 'formdata' parameter. This makes it possible for authenticated attackers, with Administrator-level...
CVE-2024-13921
CVE-2024-13921 concerns the WordPress plugin “Order Export & Order Import for WooCommerce” (
CVE-2024-13921 Order Export & Order Import for WooCommerce <= 2.6.0 - Authenticated (Admin+) PHP Object Injection via form_data Parameter
The Order Export & Order Import for WooCommerce plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 2.6.0 via deserialization of untrusted input from the 'formdata' parameter. This makes it possible for authenticated attackers, with Administrator-level...
CVE-2024-13921 Order Export & Order Import for WooCommerce <= 2.6.0 - Authenticated (Admin+) PHP Object Injection via form_data Parameter
The Order Export & Order Import for WooCommerce plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 2.6.0 via deserialization of untrusted input from the 'formdata' parameter. This makes it possible for authenticated attackers, with Administrator-level...
WordPress Order Export & Order Import for WooCommerce plugin <= 2.6.0 - Authenticated (Admin+) PHP Object Injection via form_data Parameter vulnerability
Authenticated Admin+ PHP Object Injection via formdata Parameter vulnerability discovered by HayMiz in WordPress Plugin Order Export & Order Import for WooCommerce versions = 2.6.0...
WordPress plugin Order Export & Order Import for WooCommerce 代码问题漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers running PHP and MySQL.WordPress plugin is an application plugin. A code issue vulnerability exists i...
CVE-2025-2376
A vulnerability has been found in viames Pair Framework up to 1.9.11 and classified as critical. Affected by this vulnerability is the function getCookieContent of the file /src/UserRemember.php of the component PHP Object Handler. The manipulation of the argument cookieName leads to...
CVE-2024-13410
The CozyStay and TinySalt plugins for WordPress are vulnerable to PHP Object Injection in all versions up to, and including, 1.7.0, and in all versions up to, and including 3.9.0, respectively, via deserialization of untrusted input in the 'ajaxhandler' function. This makes it possible for...
CVE-2024-13410 CozyStay <= 1.7.0 and TinySalt <= 3.9.0 - Unauthenticated PHP Object Injection in ajax_handler
The CozyStay and TinySalt plugins for WordPress are vulnerable to PHP Object Injection in all versions up to, and including, 1.7.0, and in all versions up to, and including 3.9.0, respectively, via deserialization of untrusted input in the 'ajaxhandler' function. This makes it possible for...
CVE-2024-13410 CozyStay <= 1.7.0 and TinySalt <= 3.9.0 - Unauthenticated PHP Object Injection in ajax_handler
The CozyStay and TinySalt plugins for WordPress are vulnerable to PHP Object Injection in all versions up to, and including, 1.7.0, and in all versions up to, and including 3.9.0, respectively, via deserialization of untrusted input in the 'ajaxhandler' function. This makes it possible for...
CVE-2024-13410
CVE-2024-13410 affects CozyStay <= 1.7.0 and TinySalt
VulnCheck KEV: CVE-2024-5932
The GiveWP – Donation Plugin and Fundraising Platform plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 3.14.1 via deserialization of untrusted input from the 'givetitle' parameter. This makes it possible for unauthenticated attackers to inject a...
WordPress CozyStay theme <= 1.7.0 - PHP Object Injection vulnerability
PHP Object Injection vulnerability discovered by Lucio Sá in WordPress Theme CozyStay versions = 1.7.0...