3726 matches found
CVE-2024-13777 ZoomSounds - WordPress Wave Audio Player with Playlist <= 6.91 - Unauthenticated PHP Object Injection
The ZoomSounds - WordPress Wave Audio Player with Playlist plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 6.91 via deserialization of untrusted input from the 'margs' parameter. This makes it possible for unauthenticated attackers to inject a PHP...
CVE-2025-0956 WooCommerce Recover Abandoned Cart <= 24.3.0 - Unauthenticated PHP Object Injection
The WooCommerce Recover Abandoned Cart plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 24.3.0 via deserialization of untrusted input from the 'raccookieguestemail' cookie. This makes it possible for unauthenticated attackers to inject a PHP Object...
CVE-2025-0956
CVE-2025-0956 affects the WooCommerce Recover Abandoned Cart plugin for WordPress (versions up to 24.3.0). It enables unauthenticated PHP Object Injection via deserialization of input from the raccookie_guest_email cookie. The vulnerability’s impact depends on the presence of a POP (PHP Object) c...
CVE-2025-0956 WooCommerce Recover Abandoned Cart <= 24.4.0 - Unauthenticated PHP Object Injection
The WooCommerce Recover Abandoned Cart plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 24.4.0 via deserialization of untrusted input from the 'raccookieguestemail' cookie. This makes it possible for unauthenticated attackers to inject a PHP Object...
AI (Artificial Intelligence) - Moderately critical - Gadget Chain - SA-CONTRIB-2025-022
The AI Automators module, a submodule of AI, enables you to create different automated tasks that fill out field data using LLM outputs. The module contains a potential PHP Object Injection vulnerability that, if combined with another exploit, could lead to Arbitrary File Deletion. It may be...
WordPress VEDA theme <= 4.2 - Authenticated (Subscriber+) PHP Object Injection vulnerability
Authenticated Subscriber+ PHP Object Injection vulnerability discovered by Lucio Sá in WordPress Theme VEDA versions <= 4.2...
WordPress WooCommerce Recover Abandoned Cart plugin < 24.5.0 - Unauthenticated PHP Object Injection vulnerability
Unauthenticated PHP Object Injection vulnerability discovered by Lucio Sá in WordPress Plugin WooCommerce Recover Abandoned Cart versions < 24.5.0...
CVE-2025-0912
The Donations Widget plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 3.19.4 via deserialization of untrusted input from the Donation Form through the 'cardaddress' parameter. This makes it possible for unauthenticated attackers to inject a PHP...
CVE-2025-0912 GiveWP – Donation Plugin and Fundraising Platform <= 3.19.4 - Unauthenticated PHP Object Injection
The Donations Widget plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 3.19.4 via deserialization of untrusted input from the Donation Form through the 'cardaddress' parameter. This makes it possible for unauthenticated attackers to inject a PHP...
CVE-2025-0912
The CVE-2025-0912 entry concerns the Donations Widget plugin for WordPress (GiveWP)
Linux Distros Unpatched Vulnerability : CVE-2016-7411
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - ext/standard/varunserializer.re in PHP before 5.6.26 mishandles object-deserialization failures, which allows remote attackers to cause a denial of service memo...
WordPress GiveWP plugin <= 3.19.4 - Unauthenticated PHP Object Injection vulnerability
Unauthenticated PHP Object Injection vulnerability discovered by dream hard in WordPress Plugin GiveWP versions <= 3.19.4...
CVE-2025-26967 WordPress Events Calendar for GeoDirectory plugin <= 2.3.14 - PHP Object Injection vulnerability
Deserialization of Untrusted Data vulnerability in Stiofan Events Calendar for GeoDirectory events-for-geodirectory allows Object Injection. This issue affects Events Calendar for GeoDirectory: from n/a through <= 2.3.14...
CVE-2025-26885 WordPress Assistant Plugin <= 1.5.1 - PHP Object Injection vulnerability
Deserialization of Untrusted Data vulnerability in Beaver Builder WordPress Assistant assistant allows Object Injection. This issue affects WordPress Assistant: from n/a through <= 1.5.1...
CVE-2025-26999 WordPress ProfileGrid Plugin <= 5.9.4.3 - PHP Object Injection vulnerability
Deserialization of Untrusted Data vulnerability in Metagauss ProfileGrid profilegrid-user-profiles-groups-and-communities allows Object Injection. This issue affects ProfileGrid: from n/a through <= 5.9.4.3...
CVE-2024-13833
The Album Gallery – WordPress Gallery plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.6.3 via deserialization of untrusted input from gallery meta. This makes it possible for authenticated attackers, with Editor-level access and above, to inject ...