CVE-2025-24779 WordPress Yogi theme <= 2.9.0 - PHP Object Injection Vulnerability

Deserialization of Untrusted Data vulnerability in NooTheme Yogi allows Object Injection. This issue affects Yogi: from n/a through 2.9.0...

CVE-2025-24777 WordPress Hillter theme <= 3.0.7 - PHP Object Injection Vulnerability

Deserialization of Untrusted Data vulnerability in awethemes Hillter allows Object Injection. This issue affects Hillter: from n/a through 3.0.7...

CVE-2025-28961

CVE-2025-28961 corresponds to a deserialization of untrusted data vulnerability in the WordPress URL Shortener plugin (Md Yeasin Ul Haider) 3.0.7 when available, as stated in the sources. The vulnerability is not described as rejected or reserved in the provided materials.

CVE-2025-28961 WordPress URL Shortener <= 3.0.7 - PHP Object Injection Vulnerability

Deserialization of Untrusted Data vulnerability in Md Yeasin Ul Haider URL Shortener exact-links allows Object Injection.This issue affects URL Shortener: from n/a through = 3.0.7...

CVE-2025-30949

CVE-2025-30949 is a PHP Object Injection deserialization vulnerability in the WordPress plugin Site Chat on Telegram (Guru Team Site Chat on Telegram). Affected versions are up to 1.0.4. The issue is triggered via deserializing untrusted data, enabling potential object injection. The CVE is corro...

CVE-2025-30949 WordPress Site Chat on Telegram plugin <= 1.0.4 - PHP Object Injection Vulnerability

Deserialization of Untrusted Data vulnerability in Guru Team Site Chat on Telegram site-chat-on-telegram allows Object Injection.This issue affects Site Chat on Telegram: from n/a through = 1.0.4...

CVE-2025-30973

CVE-2025-30973 describes a PHP Object Injection vulnerability in the WordPress plugin CoSchool LMS (CoSchool LMS 1.4.3.

CVE-2025-30973 WordPress CoSchool LMS plugin <= 1.4.3 - PHP Object Injection Vulnerability

Deserialization of Untrusted Data vulnerability in Codexpert, Inc CoSchool LMS coschool allows Object Injection.This issue affects CoSchool LMS: from n/a through = 1.4.3...

CVE-2025-30973 WordPress CoSchool LMS plugin <= 1.4.3 - PHP Object Injection Vulnerability

Deserialization of Untrusted Data vulnerability in Codexpert, Inc CoSchool LMS coschool allows Object Injection.This issue affects CoSchool LMS: from n/a through = 1.4.3...

CVE-2025-31422 WordPress Visual Art | Gallery WordPress Theme <= 2.4 - PHP Object Injection Vulnerability

Deserialization of Untrusted Data vulnerability in designthemes Visual Art | Gallery WordPress Theme allows Object Injection. This issue affects Visual Art | Gallery WordPress Theme: from n/a through 2.4...

CVE-2025-31422 WordPress Visual Art | Gallery WordPress Theme <= 2.4 - PHP Object Injection Vulnerability

Deserialization of Untrusted Data vulnerability in designthemes Visual Art | Gallery WordPress Theme visual-arts allows Object Injection.This issue affects Visual Art | Gallery WordPress Theme: from n/a through = 2.4...

CVE-2025-53990

CVE-2025-53990 is a deserialization-based PHP Object Injection vulnerability in WordPress plugin JetFormBuilder (versions

CVE-2025-53990 WordPress JetFormBuilder plugin <= 3.5.1.2 - PHP Object Injection Vulnerability

Deserialization of Untrusted Data vulnerability in jetmonsters JetFormBuilder jetformbuilder allows Object Injection.This issue affects JetFormBuilder: from n/a through = 3.5.1.2...

WordPress Visual Art | Gallery WordPress Theme <= 2.4 - PHP Object Injection Vulnerability

PHP Object Injection Vulnerability discovered by Tran Nguyen Bao Khanh VCI - VNPT Cyber Immunity in WordPress Theme Visual Art | Gallery WordPress Theme versions = 2.4...

WordPress Visual Art | Gallery WordPress Theme Theme <= 2.4 is vulnerable to PHP Object Injection

Software Visual Art | Gallery WordPress Theme Type Theme Vulnerable versions = 2.4 Fixed in N/A OWASP Top 10 A3: Injection Classification PHP Object Injection CVE CVE-2025-31422 Patch priority High CVSS severity High 8.8 Developer Claim ownership PSID f75a5b9fac9b Credits Tran Nguyen Bao Khanh VC...

WordPress SureForms Plugin Multiple Vulnerabilities (Jul 2025)

The WordPress plugin SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:brainstormforce:sureforms"; if description...

CVE-2025-7504

The Friends plugin for WordPress is vulnerable to PHP Object Injection in version 3.5.1 via deserialization of untrusted input of the queryvars parameter This makes it possible for authenticated attackers, with subscriber-level access and above, to inject a PHP Object. No known POP chain is prese...

CVE-2025-7504

The Friends plugin for WordPress is vulnerable to PHP Object Injection in version 3.5.1 via deserialization of untrusted input of the queryvars parameter This makes it possible for authenticated attackers, with subscriber-level access and above, to inject a PHP Object. No known POP chain is prese...

CVE-2025-7504

The Friends plugin for WordPress is vulnerable to PHP Object Injection in version 3.5.1 via deserialization of untrusted input of the queryvars parameter This makes it possible for authenticated attackers, with subscriber-level access and above, to inject a PHP Object. No known POP chain is prese...

CVE-2025-7504

The CVE-2025-7504 affects the WordPress Friends plugin (v3.5.1). It is vulnerable to PHP Object Injection through deserialization of the query_vars parameter. Exploitation requires authenticated access (subscriber level or higher). The vulnerability has no impact unless a POP chain exists in anot...