2 matches found
CVE-2026-3017 Smart Post Show – Post Grid, Post Carousel & Slider, and List Category Posts <= 3.0.12 - Authenticated (Administrator+) PHP Object Injection
The Smart Post Show – Post Grid, Post Carousel & Slider, and List Category Posts plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 3.0.12 via deserialization of untrusted input in the importshortcodes function. This makes it possible for authenticate...
CVE-2025-7825
CVE-2025-7825 affects Schema Plugin For Divi, Gutenberg & Shortcodes (WordPress) up to version 4.3.2. The flaw is Object Instantiation via deserialization of untrusted input through the wpt_schema_breadcrumbs shortcode. Exploitation requires authenticated access at Contributor level or higher; th...