CVE-2025-30973 WordPress CoSchool LMS plugin <= 1.4.3 - PHP Object Injection Vulnerability
Deserialization of Untrusted Data vulnerability in Codexpert, Inc CoSchool LMS coschool allows Object Injection. This issue affects CoSchool LMS: from n/a through <= 1.4.3...
CVE-2025-30973
CVE-2025-30973 describes a PHP Object Injection vulnerability in the WordPress plugin CoSchool LMS (CoSchool LMS 1.4.3.
CVE-2025-31422 WordPress Visual Art | Gallery WordPress Theme <= 2.4 - PHP Object Injection Vulnerability
Deserialization of Untrusted Data vulnerability in designthemes Visual Art | Gallery WordPress Theme visual-arts allows Object Injection. This issue affects Visual Art | Gallery WordPress Theme: from n/a through <= 2.4...
CVE-2025-31422 WordPress Visual Art | Gallery WordPress Theme <= 2.4 - PHP Object Injection Vulnerability
Deserialization of Untrusted Data vulnerability in designthemes Visual Art | Gallery WordPress Theme allows Object Injection. This issue affects Visual Art | Gallery WordPress Theme: from n/a through 2.4...
CVE-2025-53990 WordPress JetFormBuilder plugin <= 3.5.1.2 - PHP Object Injection Vulnerability
Deserialization of Untrusted Data vulnerability in jetmonsters JetFormBuilder jetformbuilder allows Object Injection. This issue affects JetFormBuilder: from n/a through <= 3.5.1.2...
CVE-2025-53990
CVE-2025-53990 is a deserialization-based PHP Object Injection vulnerability in WordPress plugin JetFormBuilder (versions
WordPress Visual Art | Gallery WordPress Theme <= 2.4 - PHP Object Injection Vulnerability
PHP Object Injection Vulnerability discovered by Tran Nguyen Bao Khanh VCI - VNPT Cyber Immunity in WordPress Theme Visual Art | Gallery WordPress Theme versions <= 2.4...
WordPress Visual Art | Gallery WordPress Theme Theme <= 2.4 is vulnerable to PHP Object Injection
Software: Visual Art | Gallery WordPress Theme; Type: Theme; Vulnerable versions: <= 2.4; Fixed in: N/A; OWASP Top 10: A3: Injection; Classification: PHP Object Injection; CVE: CVE-2025-31422; Patch priority: High; CVSS severity: High (8.8); PSID: f75a5b9fac9b; Credits: Tran Nguyen Bao Khanh VC...
WordPress SureForms Plugin Multiple Vulnerabilities (Jul 2025)
The WordPress plugin SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:brainstormforce:sureforms"; if description...
CVE-2025-7504
The Friends plugin for WordPress is vulnerable to PHP Object Injection in version 3.5.1 via deserialization of untrusted input of the query_vars parameter. This makes it possible for authenticated attackers, with subscriber-level access and above, to inject a PHP Object. No known POP chain is prese...
CVE-2025-7504
The CVE-2025-7504 affects the WordPress Friends plugin (v3.5.1). It is vulnerable to PHP Object Injection through deserialization of the query_vars parameter. Exploitation requires authenticated access (subscriber level or higher). The vulnerability has no impact unless a POP chain exists in anot...
CVE-2025-7504 Friends 3.5.1 - Authenticated (Subscriber+) PHP Object Injection
The Friends plugin for WordPress is vulnerable to PHP Object Injection in version 3.5.1 via deserialization of untrusted input of the query_vars parameter. This makes it possible for authenticated attackers, with subscriber-level access and above, to inject a PHP Object. No known POP chain is prese...
PT-2025-29313 · WordPress · Friends Plugin For WordPress
Name of the Vulnerable Software and Affected Versions: Friends plugin for WordPress version 3.5.1. Description: The Friends plugin for WordPress is vulnerable to PHP Object Injection via deserialization of untrusted input of the query_vars parameter. This allows authenticated attackers with...
WordPress Friends plugin <= 3.5.1 - Authenticated (Admin+) PHP Object Injection vulnerability
Authenticated Admin+ PHP Object Injection vulnerability discovered by Pham Nguyen Khoa in WordPress Plugin Friends versions <= 3.5.1...
WordPress URL Shortener <= 3.0.7 - PHP Object Injection Vulnerability
PHP Object Injection Vulnerability discovered by ch4r0n in WordPress Plugin URL Shortener versions <= 3.0.7...
CVE-2025-6742
The SureForms – Drag and Drop Form Builder for WordPress plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.7.3 via the use of file_exists in the delete_entry_files function without restriction on the path provided. This makes it possible for...
CVE-2025-7216
A vulnerability, which was classified as critical, was found in lty628 Aidigu up to 1.8.2. This affects the function checkUserCookie of the file /application/common.php of the component PHP Object Handler. The manipulation of the argument rememberMe leads to deserialization. It is possible to...