
8 matches found

NVD
added 2026/04/08 2:16 a.m., 4 views

CVE-2026-3296

The Everest Forms plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 3.4.3 via deserialization of untrusted input from form entry metadata. This is due to the html-admin-page-entries-view.php file calling PHP's native unserialize on stored entry meta...

CVSS 9.8, EPSS 0.00037
Exploits: 1, References: 6

Vulnrichment
added 2026/03/05 5:54 a.m., 0 views

CVE-2026-27438 WordPress Kingler theme <= 1.7 - PHP Object Injection vulnerability

Deserialization of Untrusted Data vulnerability in ThemeREX Kingler kingler allows Object Injection. This issue affects Kingler: from n/a through <= 1.7...

CVSS 9.8, AI score 5.8, EPSS 0.00061
Exploits: 0, References: 1

ATTACKERKB
added 2026/01/20 2:26 p.m., 2 views

CVE-2026-0726

The Nexter Extension – Site Enhancements Toolkit plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 4.4.6 via deserialization of untrusted input in the 'nxtunserializereplace' function. This makes it possible for unauthenticated attackers to inject a...

CVSS 8.1, AI score 6, EPSS 0.00261
Exploits: 0, References: 3

Patchstack
added 2025/08/21 12:0 a.m., 4 views

WordPress Organic Beauty Theme <= 1.4.6 is vulnerable to PHP Object Injection

Software: Organic Beauty; Type: Theme; Vulnerable versions: <= 1.4.6; Fixed in: N/A; OWASP Top 10: A3: Injection; Classification: PHP Object Injection; CVE: CVE-2025-49890; Patch priority: High; CVSS severity: High 9.8; PSID: d8832a3c672f; Credits: Bonds; Required privilege: Unauthenticated...

CVSS 5.9, AI score 6.3, EPSS 0.00138
Exploits: 0, References: 1, Affected Software: 1

RedhatCVE
added 2025/05/23 2:54 a.m., 3 views

CVE-2023-1669

The SEOPress WordPress plugin before 6.5.0.3 unserializes user input provided via the settings, which could allow high-privilege users such as admin to perform PHP Object Injection when a suitable gadget is present...

CVSS 7.2, AI score 7, EPSS 0.05593
Exploits: 2, References: 1

Patchstack
added 2025/05/22 11:23 a.m., 1 views

WordPress Car Dealer theme <= 1.6.6 - PHP Object Injection Vulnerability

PHP Object Injection Vulnerability discovered by Bonds in WordPress Theme Car Dealer versions <= 1.6.6...

CVSS 9.8, AI score 7.2, EPSS 0.00369
Exploits: 0, Affected Software: 1

Positive Technologies
added 2023/06/07 12:0 a.m., 3 views

PT-2023-11869 · Unknown · Newsletter Manager

Name of the Vulnerable Software and Affected Versions: Newsletter Manager versions up to, and including, 1.5.1
Description: The issue is related to insecure deserialization. This is caused by unsanitized input from the customFieldsDetails parameter being passed through a deserialization function,...

CVSS 9.8, AI score 9.3, EPSS 0.01152
Exploits: 1, References: 5

OSV
added 2022/09/26 1:15 p.m., 0 views

CVE-2022-2903

The Ninja Forms Contact Form WordPress plugin before 3.6.13 unserialises the content of an imported file, which could lead to PHP object injection issues when an admin imports, intentionally or not, a malicious file and a suitable gadget chain is present on the blog...

CVSS 7.2, AI score 5.8
Exploits: 0, References: 1