CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

3718 matches found

Patchstack•added 2025/08/21 11:34 a.m.•10 views

WordPress PressApps Knowledge Base Contextual Sidebar Addon Plugin <= 4.2.1 - PHP Object Injection Vulnerability

PHP Object Injection Vulnerability discovered by João Pedro S Alcântara Kinorth in WordPress Plugin PressApps Knowledge Base Contextual Sidebar Addon versions = 4.2.1...

6.5CVSS6.9AI score0.00452EPSS

Exploits0Affected Software1

Patchstack•added 2025/08/20 1:29 p.m.•3 views

WordPress WP Funnel Manager Plugin <= 1.4.0 - PHP Object Injection Vulnerability

PHP Object Injection Vulnerability discovered by Drew / mcdruid in WordPress Plugin WP Funnel Manager versions = 1.4.0...

9.8CVSS7AI score0.00381EPSS

Exploits0Affected Software1

Cvelist•added 2025/08/20 8:3 a.m.•8 views

CVE-2025-54014 WordPress MediCenter - Health Medical Clinic <= 15.1 - PHP Object Injection Vulnerability

Deserialization of Untrusted Data vulnerability in QuanticaLabs MediCenter - Health Medical Clinic medicenter allows Object Injection.This issue affects MediCenter - Health Medical Clinic: from n/a through = 15.1...

9.8CVSS0.0037EPSS

Exploits0References1

Vulnrichment•added 2025/08/20 8:3 a.m.•2 views

CVE-2025-54014 WordPress MediCenter - Health Medical Clinic <= 15.1 - PHP Object Injection Vulnerability

Deserialization of Untrusted Data vulnerability in QuanticaLabs MediCenter - Health Medical Clinic allows Object Injection. This issue affects MediCenter - Health Medical Clinic: from n/a through 15.1...

9.8CVSS7.1AI score0.0037EPSS

Exploits0References1

NVD•added 2025/08/20 3:15 a.m.•7 views

CVE-2025-8145

The Redirection for Contact Form 7 plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 3.2.4 via deserialization of untrusted input in the getleadfields function. This makes it possible for unauthenticated attackers to inject a PHP Object. The addition...

8.8CVSS0.00483EPSS

Exploits0References2

CVE•added 2025/08/20 1:44 a.m.•27 views

CVE-2025-8289

CVE-2025-8289 affects the WordPress plugin Redirection for Contact Form 7, vulnerable to unauthenticated PHP Object Injection via PHAR deserialization in delete_associated_files, for versions up to 3.2.4. Exploitation requires a form with a file upload action and the extension “Redirection For Co...

7.5CVSS7.2AI score0.00367EPSS

Exploits0References2

CVE•added 2025/08/20 1:44 a.m.•45 views

CVE-2025-8145

CVE-2025-8145 affects the WordPress plugin Redirection for Contact Form 7 (versions up to and including 3.2.4). The vulnerability arises from deserialization of untrusted input in the get_lead_fields function, enabling unauthenticated PHP object injection. The presence of a POP chain in the plugi...

8.8CVSS7.6AI score0.00483EPSS

Exploits0References2

CNNVD•added 2025/08/20 12:0 a.m.•1 views

WordPress plugin Redirection for Contact Form 代码问题漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A security vulnerability exists in WordPres...

8.8CVSS6.8AI score0.00483EPSS

Exploits0References3

Positive Technologies•added 2025/08/20 12:0 a.m.•3 views

PT-2025-33894

Name of the Vulnerable Software and Affected Versions: Redirection for Contact Form 7 plugin for WordPress versions up to and including 3.2.4 Description: The Redirection for Contact Form 7 plugin for WordPress is vulnerable to PHP Object Injection via deserialization of untrusted input in the ge...

8.8CVSS7.1AI score0.00483EPSS

Exploits0References7

Positive Technologies•added 2025/08/20 12:0 a.m.•3 views

PT-2025-33895 · WordPress +1 · Redirection For Contact Form 7 +2

Name of the Vulnerable Software and Affected Versions: Redirection for Contact Form 7 plugin for WordPress versions prior to 3.2.5 Description: The Redirection for Contact Form 7 plugin for WordPress is susceptible to PHP Object Injection due to deserialization of untrusted input within the delet...

7.5CVSS7.1AI score0.00367EPSS

Exploits0References5

Patchstack•added 2025/08/19 11:36 p.m.•5 views

WordPress Redirection for Contact Form 7 plugin <= 3.2.4 - Unauthenticated PHP Object Injection via PHAR Deserialization vulnerability

Unauthenticated PHP Object Injection via PHAR Deserialization vulnerability discovered by Phat RiO - BlueRock in WordPress Plugin Redirection for Contact Form 7 versions = 3.2.4...

7.5CVSS7.2AI score0.00367EPSS

Exploits0References1Affected Software1

Patchstack•added 2025/08/19 11:35 p.m.•5 views

WordPress Redirection for Contact Form 7 plugin <= 3.2.4 - Unauthenticated PHP Object Injection vulnerability

Unauthenticated PHP Object Injection vulnerability discovered by Phat RiO - BlueRock in WordPress Plugin Redirection for Contact Form 7 versions = 3.2.4...

8.8CVSS7.1AI score0.00483EPSS

Exploits0References1Affected Software1

Patchstack•added 2025/08/19 11:14 a.m.•4 views

WordPress ThemeMakers Visual Content Composer Plugin <= 1.5.8 - PHP Object Injection Vulnerability

PHP Object Injection Vulnerability discovered by Bonds in WordPress Plugin ThemeMakers Visual Content Composer versions = 1.5.8...

9.8CVSS7AI score0.00464EPSS

Exploits0Affected Software1

Patchstack•added 2025/08/17 1:28 a.m.•4 views

WordPress Simple Login Log plugin <= 1.1.3 - PHP Object Injection vulnerability

PHP Object Injection vulnerability discovered by mcdruid in WordPress Plugin Simple Login Log versions = 1.1.3...

7.2CVSS7.1AI score0.00374EPSS

Exploits0Affected Software1

RedhatCVE•added 2025/08/15 4:34 a.m.•2 views

CVE-2025-7384

The Database for Contact Form 7, WPforms, Elementor forms plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.4.3 via deserialization of untrusted input in the getleaddetail function. This makes it possible for unauthenticated attackers to inject a P...

9.8CVSS8.8AI score0.01589EPSS

Exploits0References1

Cvelist•added 2025/08/14 10:34 a.m.•16 views

CVE-2025-54686 WordPress Exertio Theme <= 1.3.2 - PHP Object Injection Vulnerability

Deserialization of Untrusted Data vulnerability in scriptsbundle Exertio exertio allows Object Injection.This issue affects Exertio: from n/a through = 1.3.2...

9.8CVSS0.0037EPSS

Exploits0References1

Vulnrichment•added 2025/08/14 10:34 a.m.•2 views

CVE-2025-47536 WordPress Content Egg plugin <= 7.0.0 - PHP Object Injection Vulnerability

Deserialization of Untrusted Data vulnerability in keywordrush Content Egg content-egg allows Object Injection.This issue affects Content Egg: from n/a through = 7.0.0...

7.2CVSS5.2AI score0.00436EPSS

Exploits0References1

Cvelist•added 2025/08/13 4:22 a.m.•14 views

CVE-2025-7384 Database for Contact Form 7, WPforms, Elementor forms <= 1.4.3 - Unauthenticated PHP Object Injection to Arbitrary File Deletion

9.8CVSS0.01589EPSS

Exploits0References3

Positive Technologies•added 2025/08/13 12:0 a.m.•1 views

PT-2025-32965

Name of the Vulnerable Software and Affected Versions: Database for Contact Form 7, WPforms, Elementor forms plugin for WordPress versions up to and including 1.4.3 Description: The plugin is susceptible to a PHP Object Injection due to the deserialization of untrusted input within the get lead...

9.8CVSS6.3AI score0.01589EPSS

Exploits0References18

OpenVAS•added 2025/08/11 12:0 a.m.•4 views

WordPress Gravity Forms Plugin < 2.7.4 PHP Object Injection Vulnerability

The WordPress plugin SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:mediaburst:gravityforms"; if description...

9.8CVSS7.2AI score0.00616EPSS

Exploits0References1

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by