
4 matches found

Cvelist
added 2025/05/19 6:13 p.m., 11 views

CVE-2025-47581 WordPress WordPress Events Calendar Registration & Tickets plugin <= 2.6.0 - PHP Object Injection vulnerability

Deserialization of Untrusted Data vulnerability in elbisnero WordPress Events Calendar Registration & Tickets wpeventplus allows Object Injection. This issue affects WordPress Events Calendar Registration & Tickets: from n/a through = 2.6.0...

9.8 CVSS, 0.00369 EPSS
Exploits: 0, References: 1
Vulnrichment
added 2023/03/06 1:33 p.m., 5 views

CVE-2022-4265 Replyable < 2.2.10 - Subscriber+ PHP Object Injection

The Replyable WordPress plugin before 2.2.10 does not validate the class name submitted by the request when instantiating an object in the promptdismissnotice action and also lacks CSRF check in the related action. This could allow any authenticated users, such as subscriber to perform Object...

7.2 AI score, 0.00116 EPSS
Exploits: 2, References: 1
SUSE CVE
added 2023/02/15 5:44 a.m., 3 views

SUSE CVE-2012-4540

Off-by-one error in the invoke function in IcedTeaScriptablePluginObject.cc in IcedTea-Web 1.1.x before 1.1.7, 1.2.x before 1.2.2, 1.3.x before 1.3.1, and 1.4.x before 1.4.1 allows remote attackers to obtain sensitive information, cause a denial of service crash, or possibly execute arbitrary cod...

6.8 CVSS, 8.1 AI score, 0.01487 EPSS
Exploits: 0, References: 7
Mozilla
added 2010/12/09 12:0 a.m., 29 views

Java security bypass from LiveConnect loaded via data: URL meta refresh — Mozilla

Security researcher Gregory Fleischer reported that when a Java LiveConnect script was loaded via a data: URL which redirects via a meta refresh, then the resulting plugin object was created with the wrong security principal and thus received elevated privileges such as the abilities to read loca...

9.3 CVSS, 1.5 AI score, 0.03473 EPSS
Exploits: 1, References: 2, Affected Software: 2