📄 Blesta 5.13.1 Admin Interface PHP Object Injection

Blesta versions 3.0.0 through 5.13.1 suffer from an administrative interface PHP object injection vulnerability. The vulnerabilities exist because user input passed through the vars and orderinfo POST parameters when dispatching the /app/controllers/adminclients.php script, and through the...

VulnCheck KEV: CVE-2024-12877

The GiveWP – Donation Plugin and Fundraising Platform plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 3.19.2 via deserialization of untrusted input from the donation form like 'firstName'. This makes it possible for unauthenticated attackers to...

WordPress Ultimate Store Kit Elementor Addons, Woocommerce Builder, EDD Builder, Elementor Store Builder, Product Grid, Product Table, Woocommerce Slider plugin <= 1.6.4 - Unauthenticated PHP Object Injection vulnerability

Unauthenticated PHP Object Injection vulnerability discovered by Peter Thaleikis in WordPress Plugin Ultimate Store Kit Elementor Addons versions = 1.6.4...

VulnCheck KEV: CVE-2024-2053

The Artica Proxy administrative web application will deserialize arbitrary PHP objects supplied by unauthenticated users and subsequently enable code execution as the "www-data" user. This issue was demonstrated on version 4.50 of the The Artica-Proxy administrative web application attempts to...

WordPress ModelTheme Addons for WPBakery and Elementor plugin < 1.5.6 - PHP Object Injection vulnerability

PHP Object Injection vulnerability discovered by Phat RiO - BlueRock in WordPress Plugin ModelTheme Addons for WPBakery and Elementor versions 1.5.6...

WordPress PeakShops theme <= 1.5.9 - PHP Object Injection vulnerability

PHP Object Injection vulnerability discovered by João Pedro S Alcântara Kinorth in WordPress Theme PeakShops versions = 1.5.9...

CVE-2025-69099 WordPress North theme <= 5.7.5 - PHP Object Injection vulnerability

Deserialization of Untrusted Data vulnerability in fuelthemes North north-wp allows Object Injection.This issue affects North: from n/a through = 5.7.5...

CVE-2025-69099

CVE-2025-69099 describes a Deserialization of Untrusted Data vulnerability in the WordPress theme North (North North WP). Affected product: North: north-wp, versions from n/a through and including 5.7.5. Root cause: PHP object deserialization leading to Object Injection. Impact: as per CVSS 3.1/3...

CVE-2025-69036 WordPress Tech Life CPT plugin <= 16.4 - PHP Object Injection vulnerability

Deserialization of Untrusted Data vulnerability in strongholdthemes Tech Life CPT techlife-cpt allows Object Injection.This issue affects Tech Life CPT: from n/a through = 16.4...

CVE-2025-69035

CVE-2025-69035 describes a deserialization of untrusted data vulnerability in the WordPress plugin Dental Care CPT (by strongholdthemes) affecting versions up to 20.2. The issue enables PHP Object Injection via deserialization of untrusted data, with the attack surface limited to the plugin’s den...

CVE-2025-69002 WordPress OneLife theme <= 3.9 - PHP Object Injection vulnerability

Deserialization of Untrusted Data vulnerability in designthemes OneLife onelife allows Object Injection.This issue affects OneLife: from n/a through = 3.9...

CVE-2025-68899

CVE-2025-68899 (Vivagh theme, WordPress) Deserialization of untrusted data in designthemes Vivagh, affected up to version 2.4, enables Object Injection. Public sources (NVD/Red Hat/CVE list) confirm the flaw and affected scope but do not provide a confirmed fix or patched version. Related entries...

CVE-2025-68899 WordPress Vivagh theme <= 2.4 - PHP Object Injection vulnerability

Deserialization of Untrusted Data vulnerability in designthemes Vivagh vivagh allows Object Injection.This issue affects Vivagh: from n/a through = 2.4...

CVE-2025-68047 WordPress Eventin plugin <= 4.1.3 - PHP Object Injection vulnerability

Deserialization of Untrusted Data vulnerability in Arraytics Eventin wp-event-solution allows Object Injection.This issue affects Eventin: from n/a through = 4.1.3...

CVE-2025-50004 WordPress JupiterX Core plugin <= 4.10.1 - PHP Object Injection vulnerability

Deserialization of Untrusted Data vulnerability in artbees JupiterX Core jupiterx-core allows Object Injection.This issue affects JupiterX Core: from n/a through = 4.10.1...

WordPress Eventin plugin <= 4.1.3 - PHP Object Injection vulnerability

PHP Object Injection vulnerability discovered by w41bu1 in WordPress Plugin Eventin versions = 4.1.3...

CVE-2026-0726

The Nexter Extension – Site Enhancements Toolkit plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 4.4.6 via deserialization of untrusted input in the 'nxtunserializereplace' function. This makes it possible for unauthenticated attackers to inject a...

CVE-2026-0726

The Nexter Extension – Site Enhancements Toolkit plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 4.4.6 via deserialization of untrusted input in the 'nxtunserializereplace' function. This makes it possible for unauthenticated attackers to inject a...

CVE-2026-0726 Nexter Extension – Site Enhancements Toolkit <= 4.4.6 - Unauthenticated PHP Object Injection via 'nxt_unserialize_replace'

The Nexter Extension – Site Enhancements Toolkit plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 4.4.6 via deserialization of untrusted input in the 'nxtunserializereplace' function. This makes it possible for unauthenticated attackers to inject a...

WordPress plugin Nexter Extension – Site Enhancements Toolkit code issues and vulnerabilities

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. The...