CVE-2025-34292 BeWelcome/Rox PHP Object Injection RCE

Rox, the software running BeWelcome, contains a PHP object injection vulnerability resulting from deserialization of untrusted data. User-controlled input is passed to PHP's unserialize: the POST parameter formkitmemoryrecovery in \RoxPostHandler::getCallbackAction and the 'memory cookie' read by...

CVE-2025-34292

The CVE-2025-34292 issue affects Rox (BeWelcome) where unsafely deserializing untrusted data enables PHP object injection. User input flows into unserialize() via the POST parameter formkit_memory_recovery in RoxPostHandler::getCallbackAction and via the bwRemember memory cookie used by RoxModelB...

CVE-2025-34292 BeWelcome/Rox PHP Object Injection RCE

Rox, the software running BeWelcome, contains a PHP object injection vulnerability resulting from deserialization of untrusted data. User-controlled input is passed to PHP's unserialize: the POST parameter formkitmemoryrecovery in \RoxPostHandler::getCallbackAction and the 'memory cookie' read by...

CVE-2025-62025 WordPress JobSearch plugin < 3.0.8 - PHP Object Injection vulnerability

Deserialization of Untrusted Data vulnerability in eyecix JobSearch wp-jobsearch.This issue affects JobSearch: from n/a through 3.0.8...

CVE-2025-62025

CVE-2025-62025 is a PHP Object Injection vulnerability affecting the WordPress plugin JobSearch WP Job Board (versions earlier than 3.0.8). The connected sources identify an unauthenticated PHP Object Injection in JobSearch

CVE-2025-62008 WordPress Product Table For WooCommerce plugin <= 1.2.4 - PHP Object Injection vulnerability

Deserialization of Untrusted Data vulnerability in acowebs Product Table For WooCommerce product-table-for-woocommerce.This issue affects Product Table For WooCommerce: from n/a through = 1.2.4...

CVE-2025-60238

CVE-2025-60238 describes a deserialization of untrusted data vulnerability in the WordPress plugin UNIVERSAM (universam-demo) affecting versions from n/a through

CVE-2025-60234

CVE-2025-60234 concerns the WordPress Single Property theme (versions

CVE-2025-60228 WordPress Knowledge Base theme <= 2.9 - PHP Object Injection vulnerability

Deserialization of Untrusted Data vulnerability in designthemes Knowledge Base kbase allows Object Injection.This issue affects Knowledge Base: from n/a through = 2.9...

CVE-2025-60225

CVE-2025-60225 is a deserialization-of-untrusted-data vulnerability affecting WordPress BugsPatrol theme (≤ 1.5.0). The issue is a PHP Object Injection flaw in BugsPatrol’s deserialization path, as reported across multiple trusted sources. The available connected documents confirm the affected pr...

CVE-2025-60216 WordPress Addison theme < 1.4.8 - PHP Object Injection vulnerability

Deserialization of Untrusted Data vulnerability in BoldThemes Addison addison allows Object Injection.This issue affects Addison: from n/a through 1.4.8...

CVE-2025-60214

CVE-2025-60214: A Deserialization of Untrusted Data vulnerability in the WordPress Goldenblatt theme (Goldenblatt) up to version 1.2.1 allows PHP Object Injection. The issue affects Goldenblatt versions n/a—

CVE-2025-60214 WordPress Goldenblatt theme < 1.3.0 - PHP Object Injection vulnerability

Deserialization of Untrusted Data vulnerability in BoldThemes Goldenblatt goldenblatt allows Object Injection.This issue affects Goldenblatt: from n/a through 1.3.0...

CVE-2025-60212 WordPress VEDA Theme <= 4.2 - PHP Object Injection Vulnerability

Deserialization of Untrusted Data vulnerability in designthemes VEDA veda allows Object Injection.This issue affects VEDA: from n/a through = 4.2...

CVE-2025-52740 WordPress Boldermail Plugin <= 2.4.0 - PHP Object Injection Vulnerability

Deserialization of Untrusted Data vulnerability in Hernan Villanueva Boldermail boldermail allows Object Injection.This issue affects Boldermail: from n/a through = 2.4.0...

CVE-2025-52737 WordPress WP Store Locator plugin <= 2.2.260 - PHP Object Injection vulnerability

Deserialization of Untrusted Data vulnerability in Tijmen Smit WP Store Locator wp-store-locator allows Object Injection.This issue affects WP Store Locator: from n/a through = 2.2.260...

CVE-2025-49380 WordPress WooCommerce Vehicle Parts Finder plugin <= 3.7 - PHP Object Injection vulnerability

Deserialization of Untrusted Data vulnerability in wpinstinct WooCommerce Vehicle Parts Finder woo-vehicle-parts-finder allows Object Injection.This issue affects WooCommerce Vehicle Parts Finder: from n/a through = 3.7...

CVE-2025-49380 WordPress WooCommerce Vehicle Parts Finder plugin <= 3.7 - PHP Object Injection vulnerability

Deserialization of Untrusted Data vulnerability in wpinstinct WooCommerce Vehicle Parts Finder woo-vehicle-parts-finder allows Object Injection.This issue affects WooCommerce Vehicle Parts Finder: from n/a through = 3.7...

CVE-2025-32283 WordPress Solar Energy theme <= 3.5 - PHP Object Injection Vulnerability

Deserialization of Untrusted Data vulnerability in designthemes Solar Energy solar allows Object Injection.This issue affects Solar Energy: from n/a through = 3.5...

CVE-2025-32283 WordPress Solar Energy theme <= 3.5 - PHP Object Injection Vulnerability

Deserialization of Untrusted Data vulnerability in designthemes Solar Energy solar allows Object Injection.This issue affects Solar Energy: from n/a through = 3.5...