3718 matches found
CVE-2025-6742
The SureForms – Drag and Drop Form Builder for WordPress plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.7.3 via the use of fileexists in the deleteentryfiles function without restriction on the path provided. This makes it possible for...
CVE-2025-6742
The SureForms – Drag and Drop Form Builder for WordPress plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.7.3 via the use of fileexists in the deleteentryfiles function without restriction on the path provided. This makes it possible for...
CVE-2025-6742
Mode C: CVE-2025-6742 affects the WordPress plugin SureForms – Drag and Drop Form Builder for WordPress up to version 1.7.3. The root cause is use of file_exists() in delete_entry_files() with no path restriction, enabling unauthenticated PHP Object Injection. The report notes that no known POP c...
CVE-2025-6742 SureForms – Drag and Drop Form Builder for WordPress <= 1.7.3 - Unauthenticated PHP Object Injection (PHAR) Triggered via Admin Submission Deletion
The SureForms – Drag and Drop Form Builder for WordPress plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.7.3 via the use of fileexists in the deleteentryfiles function without restriction on the path provided. This makes it possible for...
CVE-2025-6742 SureForms – Drag and Drop Form Builder for WordPress <= 1.7.3 - Unauthenticated PHP Object Injection (PHAR) Triggered via Admin Submission Deletion
The SureForms – Drag and Drop Form Builder for WordPress plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.7.3 via the use of fileexists in the deleteentryfiles function without restriction on the path provided. This makes it possible for...
CVE-2025-7216
A vulnerability, which was classified as critical, was found in lty628 Aidigu up to 1.8.2. This affects the function checkUserCookie of the file /application/common.php of the component PHP Object Handler. The manipulation of the argument rememberMe leads to deserialization. It is possible to...
CVE-2025-7216
CVE-2025-7216 affects lty628 Aidigu versions up to 1.8.2. The vulnerability resides in the PHP Object Handler's file /application/common.php, specifically the function checkUserCookie, where manipulating the rememberMe argument leads to deserialization. This allows remote exploitation and, per so...
CVE-2025-7216 lty628 Aidigu PHP Object common.php checkUserCookie deserialization
A vulnerability, which was classified as critical, was found in lty628 Aidigu up to 1.8.2. This affects the function checkUserCookie of the file /application/common.php of the component PHP Object Handler. The manipulation of the argument rememberMe leads to deserialization. It is possible to...
CVE-2025-7216 lty628 Aidigu PHP Object common.php checkUserCookie deserialization
A vulnerability, which was classified as critical, was found in lty628 Aidigu up to 1.8.2. This affects the function checkUserCookie of the file /application/common.php of the component PHP Object Handler. The manipulation of the argument rememberMe leads to deserialization. It is possible to...
PT-2025-28844 · WordPress · Sureforms
Name of the Vulnerable Software and Affected Versions: SureForms – Drag and Drop Form Builder for WordPress versions up to 1.7.3 Description: The issue allows unauthenticated attackers to inject a PHP object through the use of file exists in the delete entry files function without restriction on...
WordPress SureForms plugin <= 1.7.3 - Unauthenticated PHP Object Injection (PHAR) vulnerability
Unauthenticated PHP Object Injection PHAR vulnerability discovered by Phat RiO - BlueRock in WordPress Plugin SureForms versions = 1.7.3...
WordPress Yogi theme < 2.9.3 - PHP Object Injection Vulnerability
PHP Object Injection Vulnerability discovered by Bonds in WordPress Theme Yogi versions 2.9.3...
WordPress Hillter theme <= 3.0.7 - PHP Object Injection Vulnerability
PHP Object Injection Vulnerability discovered by Bonds in WordPress Theme Hillter versions = 3.0.7...
WordPress Hillter Theme <= 3.0.7 is vulnerable to PHP Object Injection
Software Hillter Type Theme Vulnerable versions = 3.0.7 Fixed in N/A OWASP Top 10 A3: Injection Classification PHP Object Injection CVE CVE-2025-24777 Patch priority High CVSS severity High 8.8 Developer Claim ownership PSID 8e030521d3a0 Credits Bonds Required privilege Subscriber Published 8 Jul...
WordPress Yogi Theme <= 2.9.0 is vulnerable to PHP Object Injection
Software Yogi Type Theme Vulnerable versions = 2.9.0 Fixed in N/A OWASP Top 10 A3: Injection Classification PHP Object Injection CVE CVE-2025-24779 Patch priority High CVSS severity High 8.8 Developer Claim ownership PSID 10b2a1712298 Credits Bonds Required privilege Subscriber Published 8 July,...
WordPress Noisa Theme <= 2.6.0 is vulnerable to PHP Object Injection
Software Noisa Type Theme Vulnerable versions = 2.6.0 Fixed in 2.6.2 OWASP Top 10 A3: Injection Classification PHP Object Injection CVE CVE-2025-53560 Patch priority High CVSS severity High 8.8 Developer Claim ownership PSID 60e4fbd75f25 Credits Bonds Required privilege Subscriber Published 8 Jul...
WordPress Site Chat on Telegram plugin <= 1.0.4 - PHP Object Injection Vulnerability
PHP Object Injection Vulnerability discovered by Drew / mcdruid in WordPress Plugin Site Chat on Telegram versions = 1.0.4...
WordPress CoSchool LMS plugin <= 1.4.3 - PHP Object Injection Vulnerability
PHP Object Injection Vulnerability discovered by Drew / mcdruid in WordPress Plugin CoSchool LMS versions = 1.4.3...
WordPress Subscribe to Download plugin <= 2.0.9 - PHP Object Injection vulnerability
PHP Object Injection vulnerability discovered by João Pedro S Alcântara Kinorth in WordPress Plugin Subscribe to Download versions = 2.0.9...
CVE-2025-52828 WordPress Red Art theme <= 3.8 - PHP Object Injection Vulnerability
Deserialization of Untrusted Data vulnerability in designthemes Red Art redart allows Object Injection.This issue affects Red Art: from n/a through = 3.8...