3718 matches found
WordPress Connector for Gravity Forms and Google Sheets plugin <= 1.2.6 - PHP Object Injection vulnerability
PHP Object Injection vulnerability discovered by Phat RiO - BlueRock in WordPress Plugin Connector for Gravity Forms and Google Sheets versions <= 1.2.6...
WordPress WP Gravity Forms Salesforce plugin <= 1.5.1 - PHP Object Injection vulnerability
PHP Object Injection vulnerability discovered by Phat RiO - BlueRock in WordPress Plugin WP Gravity Forms Salesforce versions <= 1.5.1...
CVE-2025-54785
CVE-2025-54785 affects SuiteCRM versions 7.14.6 and 8.8.0. The issue arises from unvalidated user input passed to unserialize(), enabling potential penetration, privilege escalation, sensitive data exposure, Denial of Service, cryptomining and ransomware. Remediation: upgrade to 7.14.7 or 8.8.1. ...
CVE-2025-54785 SuiteCRM is Vulnerable to PHP Object Injection in Reports
SuiteCRM is an open-source, enterprise-ready Customer Relationship Management (CRM) software application. In versions 7.14.6 and 8.8.0, user-supplied input is not validated/sanitized before it is passed to the unserialize function, which could lead to penetration, privilege escalation, sensitive da...
WordPress Post Grid and Gutenberg Blocks Plugin <= 2.3.11 - PHP Object Injection Vulnerability
PHP Object Injection Vulnerability discovered by Ananda Dhakal Patchstack in WordPress Plugin Post Grid and Gutenberg Blocks versions <= 2.3.11...
WordPress Boldermail Plugin <= 2.4.0 - PHP Object Injection Vulnerability
PHP Object Injection Vulnerability discovered by Drew / mcdruid in WordPress Plugin Boldermail versions <= 2.4.0...
WordPress Groundhogg plugin <= 4.2.2 - PHP Object Injection vulnerability
PHP Object Injection vulnerability discovered by 63n0 in WordPress Plugin Groundhogg versions <= 4.2.2...
WordPress WP Store Locator plugin <= 2.2.260 - PHP Object Injection vulnerability
PHP Object Injection vulnerability discovered by muhammad yudha in WordPress Plugin WP Store Locator versions <= 2.2.260...
WordPress Exertio Theme <= 1.3.2 is vulnerable to PHP Object Injection
Software: Exertio; Type: Theme; Vulnerable versions: <= 1.3.2; Fixed in: 1.3.3; OWASP Top 10: A3: Injection; Classification: PHP Object Injection; CVE: CVE-2025-54686; Patch priority: High; CVSS severity: High (9.8); PSID: d25a71f8c070; Credits: Aiden; Required privilege: Unauthenticated; Publishe...
WordPress Content Egg plugin <= 7.0.0 - PHP Object Injection Vulnerability
PHP Object Injection Vulnerability discovered by timomangcut in WordPress Plugin Content Egg versions <= 7.0.0...
WordPress MediCenter - Health Medical Clinic <= 15.1 - PHP Object Injection Vulnerability
WordPress MediCenter - Health Medical Clinic <= 15.1 - PHP Object Injection Vulnerability discovered by Frank in WordPress Theme MediCenter - Health Medical Clinic versions <= 15.1...
WordPress MediCenter - Health Medical Clinic Theme <= 15.1 is vulnerable to PHP Object Injection
Software: MediCenter - Health Medical Clinic; Type: Theme; Vulnerable versions: <= 15.1; Fixed in: 15.2; OWASP Top 10: A3: Injection; Classification: PHP Object Injection; CVE: CVE-2025-54014; Patch priority: High; CVSS severity: High (9.8); Developer: EPC; PSID: b489f4cff59c; Credits: Aiden; Required privilege...
CVE-2016-15044 Kaltura < 11.1.0-2 PHP Object Injection RCE
A remote code execution vulnerability exists in Kaltura versions prior to 11.1.0-2 due to unsafe deserialization of user-controlled data within the keditorservices module. An unauthenticated remote attacker can exploit this issue by sending a specially crafted serialized PHP object in the kdata G...
CVE-2025-7697
The Integration for Google Sheets and Contact Form 7, WPForms, Elementor, Ninja Forms plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.1.1 via deserialization of untrusted input within the verify_field_val function. This makes it possible for...
CVE-2025-7696
The Integration for Pipedrive and Contact Form 7, WPForms, Elementor, Ninja Forms plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.2.3 via deserialization of untrusted input within the verify_field_val function. This makes it possible for...
WordPress Integration for Google Sheets and Contact Form 7, WPForms, Elementor, Ninja Forms plugin <= 1.1.1 - Unauthenticated PHP Object Injection via verify_field_val Function vulnerability
Unauthenticated PHP Object Injection via verify_field_val Function vulnerability discovered by Phat RiO - BlueRock in WordPress Plugin Integration for Google Sheets and Contact Form 7, WPForms, Elementor, Ninja Forms versions <= 1.1.1...
WordPress Integration for Pipedrive and Contact Form 7, WPForms, Elementor, Ninja Forms plugin <= 1.2.3 - Unauthenticated PHP Object Injection via verify_field_val Function vulnerability
Unauthenticated PHP Object Injection via verify_field_val Function vulnerability discovered by Phat RiO - BlueRock in WordPress Plugin Integration for Pipedrive and Contact Form 7, WPForms, Elementor, Ninja Forms versions <= 1.2.3...
Exploit for CVE-2025-49113
CVE-2025-49113 – Roundcube Webmail RCE Exploit Python PoC...