CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

26 matches found

EUVD•added 2025/10/03 8:7 p.m.•1 views

EUVD-2024-17619

Malicious code in bioql PyPI...

7.5CVSS6.4AI score0.01157EPSS

Exploits0References2

NVD•added 2025/08/20 3:15 a.m.•5 views

CVE-2025-8145

The Redirection for Contact Form 7 plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 3.2.4 via deserialization of untrusted input in the getleadfields function. This makes it possible for unauthenticated attackers to inject a PHP Object. The addition...

8.8CVSS0.02062EPSS

Exploits0References2

Patchstack•added 2025/08/05 6:2 a.m.•5 views

WordPress Groundhogg plugin <= 4.2.2 - PHP Object Injection vulnerability

PHP Object Injection vulnerability discovered by 63n0 in WordPress Plugin Groundhogg versions = 4.2.2...

6.6CVSS4.9AI score0.00112EPSS

Exploits0Affected Software1

Patchstack•added 2025/07/01 10:53 p.m.•5 views

WordPress Forminator plugin <= 1.44.2 - Unauthenticated PHP Object Injection (PHAR) Triggered via Administrator Form Submission Deletion vulnerability

Unauthenticated PHP Object Injection PHAR Triggered via Administrator Form Submission Deletion vulnerability discovered by Phat RiO - BlueRock in WordPress Plugin Forminator versions = 1.44.2...

8.8CVSS7.1AI score0.02155EPSS

Exploits0References1Affected Software1

RedhatCVE•added 2025/05/22 7:38 a.m.•3 views

CVE-2018-20987

The newsletters-lite plugin before 4.6.8.6 for WordPress has PHP object injection...

9.8CVSS7.2AI score0.01077EPSS

Exploits0References1

Patchstack•added 2025/05/07 3:6 p.m.•9 views

WordPress WP-CRM System plugin <= 3.4.5 - PHP Object Injection vulnerability

PHP Object Injection vulnerability discovered by Ngo Bui Truong Vu in WordPress Plugin WP-CRM System versions = 3.4.5...

7.2CVSS8.4AI score0.00398EPSS

Exploits0Affected Software1

Patchstack•added 2025/04/14 1:31 p.m.•3 views

WordPress Question Answer plugin <= 1.2.73 - PHP Object Injection vulnerability

PHP Object Injection vulnerability discovered by LVT-tholv2k in WordPress Plugin Question Answer versions = 1.2.73...

8.8CVSS8.5AI score0.00431EPSS

Exploits0Affected Software1

Vulnrichment•added 2025/04/10 8:9 a.m.•6 views

CVE-2025-32145 WordPress WpEvently plugin <= 4.3.5 - PHP Object Injection vulnerability

Deserialization of Untrusted Data vulnerability in magepeopleteam WpEvently allows Object Injection. This issue affects WpEvently: from n/a through 4.3.5...

8.8CVSS6.9AI score0.00214EPSS

Exploits0References1

Cvelist•added 2025/04/04 3:58 p.m.•9 views

CVE-2025-32159 WordPress Radius Blocks plugin <= 2.2.1 - Local File Inclusion vulnerability

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in RadiusTheme Radius Blocks radius-blocks allows PHP Local File Inclusion.This issue affects Radius Blocks: from n/a through = 2.2.1...

7.5CVSS0.01855EPSS

Exploits0References1

CVE•added 2025/04/04 3:58 p.m.•43 views

CVE-2025-32142

CVE-2025-32142 affects Motors – Car Dealership & Classified Listings Plugin (WordPress). The vulnerability is an Improper Control of Filename for Include/Require in PHP (PHP Local File Inclusion) that enables LFI, with the issue described as part of Motors versions up to 1.4.65 in the initial ent...

8.8CVSS7.2AI score0.01855EPSS

Exploits0References1

CVE•added 2025/03/04 3:37 a.m.•197 views

CVE-2025-0912

The CVE-2025-0912 entry concerns the Donations Widget plugin for WordPress (GiveWP)

9.8CVSS8.2AI score0.02693EPSS

Exploits0References6Affected Software1

RedhatCVE•added 2025/02/06 2:18 a.m.•4 views

CVE-2025-0428

The "AI Power: Complete AI Pack" plugin for WordPress is vulnerable to PHP Object Injection in versions up to, and including, 1.8.96 via deserialization of untrusted input from the $form'postcontent' variable through the wpaicgexportprompts function. This allows authenticated attackers, with...

7.2CVSS9.6AI score0.00358EPSS

Exploits0References1

RedhatCVE•added 2025/02/04 10:38 p.m.•5 views

CVE-2024-8252

The Clean Login plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 1.14.5 via the 'template' attribute of the clean-login-register shortcode. This makes it possible for authenticated attackers, with Contributor-level access and above, to include and...

8.8CVSS7.7AI score0.44152EPSS

Exploits0References1

Cvelist•added 2024/11/18 2:27 p.m.•269 views

CVE-2024-52430 WordPress Lis Video Gallery plugin <= 0.2.1 - PHP Object Injection vulnerability

Deserialization of Untrusted Data vulnerability in bublick Lis Video Gallery lis-video-gallery allows Object Injection.This issue affects Lis Video Gallery: from n/a through = 0.2.1...

9.8CVSS0.32114EPSS

Exploits0References1

Vulnrichment•added 2024/10/20 8:10 a.m.•11 views

CVE-2024-49332 WordPress Giveaway Boost plugin <= 2.1.4 - PHP Object Injection vulnerability

Deserialization of Untrusted Data vulnerability in Giveaway Boost allows Object Injection.This issue affects Giveaway Boost: from n/a through 2.1.4...

9.8CVSS9.5AI score0.00517EPSS

Exploits0References1

OSV•added 2024/05/14 3:25 p.m.•0 views

UBUNTU-CVE-2024-31459

Cacti provides an operational monitoring and fault management framework. Prior to version 1.2.27, there is a file inclusion issue in the lib/plugin.php file. Combined with SQL injection vulnerabilities, remote code execution can be implemented. There is a file inclusion issue with the apipluginho...

8CVSS7.8AI score0.01844EPSS

Exploits1References6

vulnersOsv•added 2024/03/06 6:30 p.m.•0 views

org.jenkins-ci.plugins:php (=1.0), org.jenkins-ci.plugins:qftest (>=1.0.0 <=1.0.18) potentially affected by CVE-2024-28150 via org.jenkins-ci.plugins:htmlpublisher (>=1.0 <=1.3)

org.jenkins-ci.plugins:htmlpublisher MAVEN version =1.0, =1.0.0, =1.0.18 Source cves: CVE-2024-28150 Source advisory: OSV:GHSA-XRRW-9J78-HPF3...

4.7CVSS5.8AI score0.00176EPSS

Exploits0

Vulnrichment•added 2024/01/19 2:37 p.m.•1 views

CVE-2022-45083 WordPress ProfilePress Plugin <= 4.3.2 is vulnerable to PHP Object Injection

Deserialization of Untrusted Data vulnerability in ProfilePress Membership Team Paid Membership Plugin, Ecommerce, User Registration Form, Login Form, User Profile & Restrict Content – ProfilePress.This issue affects Paid Membership Plugin, Ecommerce, User Registration Form, Login Form, User...

6.6CVSS6.7AI score0.00272EPSS

Exploits0References1

Vulnrichment•added 2024/01/08 5:13 p.m.•3 views

CVE-2023-52225 WordPress Taggbox Plugin <= 3.1 is vulnerable to PHP Object Injection

Deserialization of Untrusted Data vulnerability in Tagbox Tagbox – UGC Galleries, Social Media Widgets, User Reviews & Analytics.This issue affects Tagbox – UGC Galleries, Social Media Widgets, User Reviews & Analytics: from n/a through 3.1...

10CVSS9.7AI score0.00827EPSS

Exploits0References1

CVE•added 2023/11/20 6:55 p.m.•44 views

CVE-2023-5340

The CVE-2023-5340 affects the Five Star Restaurant Menu and Food Ordering WordPress plugin prior to version 2.4.11. The issue is unauthenticated deserialization via an AJAX action, enabling PHP Object Injection when a suitable gadget is present on the blog. Remediation: upgrade to version 2.4.11 ...

9.8CVSS9.8AI score0.01033EPSS

Exploits2References1Affected Software1

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by