3726 matches found
CVE-2024-13742 iControlWP – Multiple WordPress Site Manager <= 4.4.5 - Unauthenticated PHP Object Injection
The iControlWP – Multiple WordPress Site Manager plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 4.4.5 via deserialization of untrusted input from the reqpars parameter. This makes it possible for unauthenticated attackers to inject a PHP Object. N...
WordPress plugin iControlWP code issue vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A code issue...
PT-2025-2262 · WordPress · Icontrolwp
Name of the Vulnerable Software and Affected Versions: iControlWP – Multiple WordPress Site Manager plugin for WordPress versions up to, and including, 4.4.5
Description: The issue is related to PHP Object Injection via deserialization of untrusted input from the reqpars parameter. This allows...
CVE-2025-24601 WordPress FundPress plugin <= 2.0.6 - PHP Object Injection vulnerability
Deserialization of Untrusted Data vulnerability in ThimPress FundPress fundpress allows Object Injection. This issue affects FundPress: from n/a through <= 2.0.6...
WordPress Custom Product Tabs Lite for WooCommerce plugin <= 1.9.0 - Authenticated (Shop Manager+) PHP Object Injection vulnerability
Authenticated Shop Manager+ PHP Object Injection vulnerability discovered by Francesco Carlucci in WordPress Plugin Custom Product Tabs Lite for WooCommerce versions <= 1.9.0...
CVE-2024-12600
The Custom Product Tabs Lite for WooCommerce plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.9.0 via deserialization of untrusted input from the 'frs_woo_product_tabs' parameter. This makes it possible for authenticated attackers, with Shop...
CVE-2024-12600 Custom Product Tabs Lite for WooCommerce <= 1.9.0 - Authenticated (Shop Manager+) PHP Object Injection
The Custom Product Tabs Lite for WooCommerce plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.9.0 via deserialization of untrusted input from the 'frs_woo_product_tabs' parameter. This makes it possible for authenticated attackers, with Shop...
CVE-2024-12600
CVE-2024-12600 affects the WordPress plugin Custom Product Tabs Lite for WooCommerce (all versions up to 1.9.0). Root cause: PHP Object Injection via deserialization of untrusted input from the frs_woo_product_tabs parameter. Impact per sources: authenticated attackers with Shop Manager level or ...
PT-2025-1909 · WordPress · Custom Product Tabs For Woocommerce
Name of the Vulnerable Software and Affected Versions: Custom Product Tabs Lite for WooCommerce plugin for WordPress versions prior to 1.9.0
Description: The issue is related to PHP Object Injection via deserialization of untrusted input from the frs_woo_product_tabs parameter. This allows...
CVE-2025-23914 WordPress Muzaara Google Ads Report Plugin <= 3.1 - PHP Object Injection vulnerability
Deserialization of Untrusted Data vulnerability in muzaara Muzaara Google Ads Report muzaara-adwords-optimize-dashboard allows Object Injection. This issue affects Muzaara Google Ads Report: from n/a through <= 3.1...
CVE-2025-23914
CVE-2025-23914 is an unauthenticated PHP object injection (deserialization of untrusted data) affecting the WordPress plugin: Optimize Your Campaigns – Google Shopping – Google Ads – Google Adwords (Muzaara) up to version 3.1. The vulnerability has a CVSS v3.1 base score of 9.8 (CRITICAL) with ne...
CVE-2025-23944 WordPress WOOEXIM Plugin <= 5.0.0 - PHP Object Injection vulnerability
Deserialization of Untrusted Data vulnerability in bulktheme WOOEXIM wooexim allows Object Injection. This issue affects WOOEXIM: from n/a through <= 5.0.0...
CVE-2025-23944
CVE-2025-23944 relates to WOOEXIM – WooCommerce Export Import Plugin (
CVE-2025-23932 WordPress Quick Count Plugin <= 3.00 - PHP Object Injection vulnerability
Deserialization of Untrusted Data vulnerability in Marko-M Quick Count quick-count allows Object Injection. This issue affects Quick Count: from n/a through <= 3.00...
CVE-2025-23932
CVE-2025-23932 corresponds to a PHP object injection via deserialization in the WordPress plugin/theme item named “Quick Count” (notFound Quick Count). The CVE entry shows an unauthenticated remote impact with a high severity, and Red Hat and Wordfence references confirm this is an unauthenticate...
CVE-2025-0428
The "AI Power: Complete AI Pack" plugin for WordPress is vulnerable to PHP Object Injection in versions up to, and including, 1.8.96 via deserialization of untrusted input from the $form'postcontent' variable through the wpaicgexportprompts function. This allows authenticated attackers, with...