CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

3582 matches found

CNNVD•added 2025/12/12 12:0 a.m.•1 views

WordPress plugin Visitor Logic Lite 代码问题漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A code issue...

8.1CVSS6.7AI score0.00367EPSS

Exploits0References3

Cvelist•added 2025/12/04 8:43 p.m.•19 views

CVE-2025-66571 UNA CMS 9.0.0-RC1 - 14.0.0-RC4 PHP Object Injection

UNA CMS versions 9.0.0-RC1 - 14.0.0-RC4 contain a PHP object injection vulnerability in BxBaseMenuSetAclLevel.php where the profileid POST parameter is passed to PHP unserialize without proper handling, allowing remote, unauthenticated attackers to inject arbitrary PHP objects and potentially wri...

9.3CVSS0.00423EPSS

Exploits0References5

Positive Technologies•added 2025/12/04 12:0 a.m.•6 views

PT-2025-49139

Name of the Vulnerable Software and Affected Versions UNA CMS versions 9.0.0-RC1 through 14.0.0-RC4 Description The software contains a PHP object injection issue in the BxBaseMenuSetAclLevel.php component. The profile id POST parameter is passed to the PHP unserialize function without sufficient...

9.3CVSS7.5AI score0.00423EPSS

Exploits0References8

Patchstack•added 2025/11/27 6:48 a.m.•3 views

WordPress Houzez plugin <= 4.1.6 - Authenticated (Subscriber+) PHP Object Injection via Saved Search vulnerability

Authenticated Subscriber+ PHP Object Injection via Saved Search vulnerability discovered by Alex Thomas - Wordfence in WordPress Theme Houzez versions = 4.1.6...

6.3CVSS7.4AI score0.00243EPSS

Exploits0References1Affected Software1

EUVD•added 2025/11/26 3:34 p.m.•2 views

EUVD-2025-199719

The Houzez theme for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 4.1.6 via deserialization of untrusted input in saved-search-item.php. This makes it possible for authenticated attackers, with Subscriber-level access and above, to inject a PHP Object. No...

6.3CVSS6.5AI score0.00243EPSS

Exploits0References3

Vulnrichment•added 2025/11/26 12:30 p.m.•4 views

CVE-2025-9191 Houzez <= 4.1.6 - Authenticated (Subscriber+) PHP Object Injection via Saved Search

6.3CVSS6.6AI score0.00243EPSS

Exploits0References2

CVE•added 2025/11/26 12:30 p.m.•25 views

CVE-2025-9191

CVE-2025-9191 — Houzez WordPress Theme PHP Object Injection . The Houzez theme (WordPress) is vulnerable to PHP Object Injection via deserialization in saved-search-item.php for all versions up to 4.1.6. Exploitation requires authenticated access at Subscriber level or higher; a POP chain is not ...

6.3CVSS6.6AI score0.00243EPSS

Exploits0References2

Positive Technologies•added 2025/11/26 12:0 a.m.•3 views

PT-2025-48136

6.3CVSS7AI score0.00243EPSS

Exploits0References3

CNNVD•added 2025/11/26 12:0 a.m.•1 views

WordPress plugin Houzez 代码问题漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A code issue...

6.3CVSS7.2AI score0.00243EPSS

Exploits0References3

CVE•added 2025/11/21 12:29 p.m.•6 views

CVE-2025-66073

CVE-2025-66073 describes a Deserialization of Untrusted Data vulnerability in the WordPress plugin WP Webhooks (wp-webhooks) by Cozmoslabs, affecting versions up to and including 3.3.8. The issue enables PHP object injection via deserialized data, enabling an attacker with Administrator+ privileg...

7.2CVSS6.6AI score0.00109EPSS

Exploits0References1

EUVD•added 2025/11/19 6:31 a.m.•1 views

EUVD-2025-198102

The WP Import – Ultimate CSV XML Importer for WordPress plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 7.33.1. This is due to deserialization of untrusted data supplied via CSV file imports in the importsinglepostascsv function within...

7.2CVSS6.1AI score0.00277EPSS

Exploits0References4

Vulnrichment•added 2025/11/19 5:45 a.m.•2 views

CVE-2025-13145 WP Import – Ultimate CSV XML Importer for WordPress <= 7.33.1 - Authenticated (Administrator+) PHP Object Injection via CSV Import

7.2CVSS6.2AI score0.00277EPSS

Exploits0References3

Cvelist•added 2025/11/19 5:45 a.m.•5 views

CVE-2025-13145 WP Import – Ultimate CSV XML Importer for WordPress <= 7.33.1 - Authenticated (Administrator+) PHP Object Injection via CSV Import

7.2CVSS0.00277EPSS

Exploits0References3

CVE•added 2025/11/19 5:45 a.m.•14 views

CVE-2025-13145

CVE-2025-13145 describes a PHP Object Injection vulnerability in the WordPress plugin WP Import – Ultimate CSV XML Importer for WordPress (versions up to and including 7.33.1). The issue arises from deserializing untrusted data during CSV imports in SingleImportExport.php (import_single_post_as_c...

7.2CVSS6.2AI score0.00277EPSS

Exploits0References3

CNNVD•added 2025/11/19 12:0 a.m.•1 views

WordPress plugin WP Import – Ultimate CSV XML Importer 代码问题漏洞

7.2CVSS7.3AI score0.00277EPSS

Exploits0References3

Positive Technologies•added 2025/11/19 12:0 a.m.•3 views

PT-2025-47438

Name of the Vulnerable Software and Affected Versions WP Import – Ultimate CSV XML Importer for WordPress versions prior to 7.33.1 Description The WP Import – Ultimate CSV XML Importer for WordPress plugin is susceptible to PHP Object Injection due to the deserialization of untrusted data from CS...

7.2CVSS6.9AI score0.00277EPSS

Exploits0References9

NVD•added 2025/11/13 8:15 a.m.•2 views

CVE-2025-12844

The AI Engine plugin for WordPress is vulnerable to PHP Object Injection via PHAR Deserialization in all versions up to, and including, 3.1.8 via deserialization of untrusted input in the 'restsimpleTranscribeAudio' and 'restsimpleVisionQuery' functions. This makes it possible for authenticated...

7.1CVSS0.00098EPSS

Exploits0References6