93304 matches found
CVE-2026-25358 WordPress Meloo theme < 2.8.2 - PHP Object Injection vulnerability
Deserialization of Untrusted Data vulnerability in rascals Meloo meloo allows Object Injection.This issue affects Meloo: from n/a through 2.8.2...
CVE-2026-25030 WordPress Goldish theme < 3.47 - PHP Object Injection vulnerability
Deserialization of Untrusted Data vulnerability in parkofideas Goldish goldish allows Object Injection.This issue affects Goldish: from n/a through 3.47...
CVE-2026-25030 WordPress Goldish theme < 3.47 - PHP Object Injection vulnerability
Deserialization of Untrusted Data vulnerability in parkofideas Goldish goldish allows Object Injection.This issue affects Goldish: from n/a through 3.47...
CVE-2026-24989
CVE-2026-24989 describes a deserialization of untrusted data in the SUMO Affiliates Pro plugin for WordPress (affs), enabling PHP object injection. Affected: SUMO Affiliates Pro versions below 11.4.0. Root cause: deserialization of untrusted input leading to object injection. Impact: according to...
CVE-2026-24981
CVE-2026-24981 is a Deserialization of Untrusted Data vulnerability in Visionary Core (NooVisionary Core) affecting Visionary Core versions from a pre-release to and including 1.4.9. The issue allows PHP object injection due to deserialization of untrusted data. CVSS v3.1 vector: AV:N/AC:L/PR:L/U...
CVE-2026-24974 WordPress CitiLights theme <= 3.7.1 - PHP Object Injection vulnerability
Deserialization of Untrusted Data vulnerability in NooTheme CitiLights noo-citilights allows Object Injection.This issue affects CitiLights: from n/a through = 3.7.1...
CVE-2026-24976 WordPress Organici Library plugin <= 2.1.2 - PHP Object Injection vulnerability
Deserialization of Untrusted Data vulnerability in NooTheme Organici Library noo-organici-library allows Object Injection.This issue affects Organici Library: from n/a through = 2.1.2...
CVE-2026-24974
CVE-2026-24974 concerns the CitiLights WordPress Theme (noo-citilights) vulnerability: Deserialization of untrusted data enabling PHP object injection. Affected software: CitiLights Real Estate WordPress Theme (noo-citilights) versions up to and including 3.7.1. The issue is authenticated (Subscr...
CVE-2026-24378 WordPress EventPrime plugin <= 4.2.8.0 - PHP Object Injection vulnerability
Deserialization of Untrusted Data vulnerability in Metagauss EventPrime eventprime-event-calendar-management allows Object Injection.This issue affects EventPrime: from n/a through = 4.2.8.0...
CVE-2026-24378
CVE-2026-24378 describes a Deserialization of Untrusted Data flaw in EventPrime (Events Calendar, Bookings and Tickets) that enables unauthenticated PHP object injection. Affected: EventPrime
CVE-2026-22516
CVE-2026-22516 is a Local File Inclusion vulnerability affecting WordPress plugin/theme Wizor's Wizor's Investments, specifically versions up to and including 2.12. The issue is described as an improper control of filename for Include/Require statements in PHP, enabling PHP Local File Inclusion (...
CVE-2026-22516 WordPress Wizor's theme <= 2.12 - Local File Inclusion vulnerability
Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in AncoraThemes Wizor's wizors-investments allows PHP Local File Inclusion.This issue affects Wizor's: from n/a through = 2.12...
CVE-2026-22509 WordPress Gioia theme <= 1.4 - Local File Inclusion vulnerability
Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in Elated-Themes Gioia gioia allows PHP Local File Inclusion.This issue affects Gioia: from n/a through = 1.4...
CVE-2026-22508 WordPress Dentalux theme <= 3.3 - Local File Inclusion vulnerability
Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in AncoraThemes Dentalux dentalux allows PHP Local File Inclusion.This issue affects Dentalux: from n/a through = 3.3...
CVE-2026-22511
CVE-2026-22511: WordPress NeoBeat theme (NeoBeat, <=1.2) is affected by Local File Inclusion due to Improper Control of Filename for Include/Require in PHP. The issue, described as PHP Remote File Inclusion in the entry, actually enables Local File Inclusion. Affected: NeoBeat WordPress Theme ...
CVE-2026-22511 WordPress NeoBeat theme <= 1.2 - Local File Inclusion vulnerability
Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in Elated-Themes NeoBeat neobeat allows PHP Local File Inclusion.This issue affects NeoBeat: from n/a through = 1.2...
CVE-2026-22509 WordPress Gioia theme <= 1.4 - Local File Inclusion vulnerability
Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in Elated-Themes Gioia gioia allows PHP Local File Inclusion.This issue affects Gioia: from n/a through = 1.4...
CVE-2026-22507
CVE-2026-22507 describes a Deserialization of Untrusted Data vulnerability in the WordPress theme Beelove (AncoraThemes Beelove) up to version 1.2.6, allowing PHP object injection. Red Hat and ENISA ENISA-ENISA pages corroborate the same description. The issue affects Beelove: from n/a through
CVE-2026-22504 WordPress ProLingua theme <= 1.1.12 - Local File Inclusion vulnerability
Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in ThemeREX ProLingua prolingua allows PHP Local File Inclusion.This issue affects ProLingua: from n/a through = 1.1.12...
CVE-2026-22507 WordPress Beelove theme <= 1.2.6 - PHP Object Injection vulnerability
Deserialization of Untrusted Data vulnerability in AncoraThemes Beelove beelove allows Object Injection.This issue affects Beelove: from n/a through = 1.2.6...