CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

3586 matches found

NVD•added 2025/11/13 8:15 a.m.•3 views

CVE-2025-12844

The AI Engine plugin for WordPress is vulnerable to PHP Object Injection via PHAR Deserialization in all versions up to, and including, 3.1.8 via deserialization of untrusted input in the 'restsimpleTranscribeAudio' and 'restsimpleVisionQuery' functions. This makes it possible for authenticated...

7.1CVSS0.00133EPSS

Exploits0References6

OSV•added 2025/11/13 8:15 a.m.•3 views

CVE-2025-12844

7.1CVSS6AI score

Exploits0References6

EUVD•added 2025/11/13 7:27 a.m.•6 views

EUVD-2025-158262

7.1CVSS6.5AI score0.00133EPSS

Exploits0References7

Cvelist•added 2025/11/13 7:27 a.m.•5 views

CVE-2025-12844 AI Engine <= 3.1.8 - Authenticated (Subscriber+) PHP Object Injection via PHAR Deserialization

7.1CVSS0.00133EPSS

Exploits0References6

Positive Technologies•added 2025/11/13 12:0 a.m.•3 views

PT-2025-46786

Name of the Vulnerable Software and Affected Versions AI Engine versions prior to 3.1.9 Description The AI Engine plugin for WordPress is susceptible to PHP Object Injection through PHAR Deserialization. This occurs due to the deserialization of untrusted input within the rest simpleTranscribeAud...

7.1CVSS6.8AI score0.00133EPSS

Exploits0References10

Patchstack•added 2025/11/10 1:50 a.m.•5 views

WordPress Academy LMS plugin <= 3.3.8 - Authenticated (Administrator+) PHP Object Injection via 'import_all_courses' vulnerability

Authenticated Administrator+ PHP Object Injection via 'importallcourses' vulnerability discovered by Michelle Porter - Wordfence in WordPress Plugin Academy LMS versions = 3.3.8...

7.2CVSS7.1AI score0.00311EPSS

Exploits0References1Affected Software1

RedhatCVE•added 2025/11/09 8:49 a.m.•7 views

CVE-2025-12099

The Academy LMS – WordPress LMS Plugin for Complete eLearning Solution plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 3.3.8 via deserialization of untrusted input in the 'importallcourses' function. This makes it possible for authenticated...

7.2CVSS7AI score0.00311EPSS

Exploits0References1

Patchstack•added 2025/11/08 10:32 a.m.•6 views

WordPress Email Subscribers & Newsletters plugin <= 5.9.10 - PHP Object Injection vulnerability

PHP Object Injection vulnerability discovered by Ananda Dhakal Patchstack in WordPress Plugin Email Subscribers & Newsletters versions = 5.9.10...

7.2CVSS7.3AI score0.00109EPSS

Exploits0Affected Software1

EUVD•added 2025/11/08 9:31 a.m.•5 views

EUVD-2025-38367

7.2CVSS6.5AI score0.00311EPSS

Exploits0References5

NVD•added 2025/11/08 9:15 a.m.•3 views

CVE-2025-12099

7.2CVSS0.00311EPSS

Exploits0References3

CVE•added 2025/11/08 8:27 a.m.•21 views

CVE-2025-12099

CVE-2025-12099 affects the Academy LMS – WordPress LMS Plugin for Complete eLearning Solution, with versions ≤ 3.3.8 vulnerable to PHP Object Injection via deserialization in import_all_courses. An authenticated attacker with Administrator+ rights can inject a PHP Object; impact depends on whethe...

7.2CVSS6.6AI score0.00311EPSS

Exploits0References3

Vulnrichment•added 2025/11/06 3:55 p.m.•2 views

CVE-2025-62035 WordPress Togo theme < 1.0.4 - PHP Object Injection vulnerability

Deserialization of Untrusted Data vulnerability in uxper Togo togo.This issue affects Togo: from n/a through 1.0.4...

8.8CVSS6.6AI score0.00118EPSS

Exploits0References1

CVE•added 2025/11/06 3:54 p.m.•7 views

CVE-2025-58619

CVE-2025-58619 concerns Falang multilanguage for WordPress (versions

8.8CVSS6.6AI score0.00082EPSS

Exploits0References1

CVE•added 2025/11/06 3:53 p.m.•6 views

CVE-2025-49393

CVE-2025-49393 (WordPress Sign-up Sheets plugin) exhibits Deserialization of Untrusted Data leading to PHP Object Injection in Sign-up Sheets

9.8CVSS6.6AI score0.00101EPSS

Exploits0References1

Cvelist•added 2025/11/06 3:53 p.m.•7 views

CVE-2025-49386 WordPress Preserve Code Formatting Plugin <= 4.0.1 - PHP Object Injection Vulnerability

Deserialization of Untrusted Data vulnerability in Scott Reilly Preserve Code Formatting preserve-code-formatting allows Object Injection.This issue affects Preserve Code Formatting: from n/a through = 4.0.1...

8.8CVSS0.00118EPSS

Exploits0References1

CVE•added 2025/11/06 3:53 p.m.•7 views

CVE-2025-49386

CVE-2025-49386 : A deserialization-based PHP Object Injection vulnerability affects the WordPress plugin Preserve Code Formatting up to version 4.0.1. The issue arises from deserializing untrusted data, enabling object injection. The CVE entries consistently describe this as a vulnerability in th...

8.8CVSS6.7AI score0.00118EPSS

Exploits0References1

Patchstack•added 2025/11/05 1:16 a.m.•5 views

WordPress Everest Forms Pro plugin <= 1.9.7 - Unauthenticated PHP Object Injection via PHAR Deserialization in Form Signature vulnerability

Unauthenticated PHP Object Injection via PHAR Deserialization in Form Signature vulnerability discovered by Alex Thomas - Wordfence in WordPress Plugin Everest Forms Pro versions = 1.9.7...

5.6CVSS7.4AI score0.00354EPSS

Exploits0References1Affected Software1

Positive Technologies•added 2025/11/05 12:0 a.m.•4 views

PT-2025-45066

Name of the Vulnerable Software and Affected Versions Everest Forms Pro versions up to and including 1.9.7 Description The Everest Forms Pro plugin for WordPress is susceptible to PHP Object Injection due to deserialization of untrusted input within the mime content type function. This allows...

5.6CVSS6.8AI score0.00354EPSS

Exploits0References5

Patchstack•added 2025/10/29 5:10 a.m.•3 views

WordPress Jannah theme <= 7.6.0 - PHP Object Injection vulnerability

PHP Object Injection vulnerability discovered by João Pedro S Alcântara Kinorth in WordPress Theme Jannah versions = 7.6.0...

9.8CVSS7.3AI score0.00101EPSS

Exploits0Affected Software1

EUVD•added 2025/10/29 12:30 a.m.•7 views

EUVD-2025-36574

WordPress plugin Contact Form CFDB7 versions up to and including 1.3.2 are affected by a pre-authentication SQL injection vulnerability that cascades into insecure deserialization PHP Object Injection. The weakness arises due to insufficient validation of user input in plugin endpoints, allowing...

9.6CVSS7.5AI score0.00076EPSS

Exploits0References3

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by