WordPress Simple Login Log plugin <= 1.1.3 - PHP Object Injection vulnerability
PHP Object Injection vulnerability discovered by mcdruid in WordPress Plugin Simple Login Log versions <= 1.1.3...
CVE-2025-7384
The Database for Contact Form 7, WPforms, Elementor forms plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.4.3 via deserialization of untrusted input in the getleaddetail function. This makes it possible for unauthenticated attackers to inject a P...
CVE-2025-54686 WordPress Exertio Theme <= 1.3.2 - PHP Object Injection Vulnerability
Deserialization of Untrusted Data vulnerability in scriptsbundle Exertio exertio allows Object Injection. This issue affects Exertio: from n/a through <= 1.3.2...
CVE-2025-47536 WordPress Content Egg plugin <= 7.0.0 - PHP Object Injection Vulnerability
Deserialization of Untrusted Data vulnerability in keywordrush Content Egg content-egg allows Object Injection. This issue affects Content Egg: from n/a through <= 7.0.0...
CVE-2025-7384 Database for Contact Form 7, WPforms, Elementor forms <= 1.4.3 - Unauthenticated PHP Object Injection to Arbitrary File Deletion
The Database for Contact Form 7, WPforms, Elementor forms plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.4.3 via deserialization of untrusted input in the getleaddetail function. This makes it possible for unauthenticated attackers to inject a P...
PT-2025-32965
Name of the Vulnerable Software and Affected Versions: Database for Contact Form 7, WPforms, Elementor forms plugin for WordPress versions up to and including 1.4.3 Description: The plugin is susceptible to a PHP Object Injection due to the deserialization of untrusted input within the get lead...
WordPress Gravity Forms Plugin < 2.7.4 PHP Object Injection Vulnerability
The WordPress plugin SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:mediaburst:gravityforms"; if description...
WordPress Connector for Gravity Forms and Google Sheets plugin <= 1.2.6 - PHP Object Injection vulnerability
PHP Object Injection vulnerability discovered by Phat RiO - BlueRock in WordPress Plugin Connector for Gravity Forms and Google Sheets versions <= 1.2.6...
WordPress WP Gravity Forms Salesforce plugin <= 1.5.1 - PHP Object Injection vulnerability
PHP Object Injection vulnerability discovered by Phat RiO - BlueRock in WordPress Plugin WP Gravity Forms Salesforce versions <= 1.5.1...
CVE-2025-54785
CVE-2025-54785 affects SuiteCRM versions 7.14.6 and 8.8.0. The issue arises from unvalidated user input passed to unserialize(), enabling potential penetration, privilege escalation, sensitive data exposure, Denial of Service, cryptomining and ransomware. Remediation: upgrade to 7.14.7 or 8.8.1. ...
CVE-2025-54785 SuiteCRM is Vulnerable to PHP Object Injection in Reports
SuiteCRM is an open-source, enterprise-ready Customer Relationship Management (CRM) software application. In versions 7.14.6 and 8.8.0, user-supplied input is not validated/sanitized before it is passed to the unserialize function, which could lead to penetration, privilege escalation, sensitive da...
WordPress Post Grid and Gutenberg Blocks Plugin <= 2.3.11 - PHP Object Injection Vulnerability
PHP Object Injection Vulnerability discovered by Ananda Dhakal (Patchstack) in WordPress Plugin Post Grid and Gutenberg Blocks versions <= 2.3.11...
WordPress Boldermail Plugin <= 2.4.0 - PHP Object Injection Vulnerability
PHP Object Injection Vulnerability discovered by Drew / mcdruid in WordPress Plugin Boldermail versions <= 2.4.0...
WordPress Groundhogg plugin <= 4.2.2 - PHP Object Injection vulnerability
PHP Object Injection vulnerability discovered by 63n0 in WordPress Plugin Groundhogg versions <= 4.2.2...
WordPress WP Store Locator plugin <= 2.2.260 - PHP Object Injection vulnerability
PHP Object Injection vulnerability discovered by muhammad yudha in WordPress Plugin WP Store Locator versions <= 2.2.260...
WordPress Exertio Theme <= 1.3.2 is vulnerable to PHP Object Injection
Software: Exertio; Type: Theme; Vulnerable versions: <= 1.3.2; Fixed in: 1.3.3; OWASP Top 10: A3: Injection; Classification: PHP Object Injection; CVE: CVE-2025-54686; Patch priority: High; CVSS severity: High 9.8; Developer: Claim ownership; PSID: d25a71f8c070; Credits: Aiden; Required privilege: Unauthenticated; Publishe...
WordPress Content Egg plugin <= 7.0.0 - PHP Object Injection Vulnerability
PHP Object Injection Vulnerability discovered by timomangcut in WordPress Plugin Content Egg versions <= 7.0.0...
WordPress MediCenter - Health Medical Clinic <= 15.1 - PHP Object Injection Vulnerability
WordPress MediCenter - Health Medical Clinic <= 15.1 - PHP Object Injection Vulnerability discovered by Frank in WordPress Theme MediCenter - Health Medical Clinic versions <= 15.1...
WordPress MediCenter - Health Medical Clinic Theme <= 15.1 is vulnerable to PHP Object Injection
Software: MediCenter - Health Medical Clinic; Type: Theme; Vulnerable versions: <= 15.1; Fixed in: 15.2; OWASP Top 10: A3: Injection; Classification: PHP Object Injection; CVE: CVE-2025-54014; Patch priority: High; CVSS severity: High 9.8; Developer: EPC; PSID: b489f4cff59c; Credits: Aiden; Required privilege...