WordPress Nexter Extension - Site Enhancements Toolkit plugin <= 4.4.6 - Unauthenticated PHP Object Injection via 'nxt_unserialize_replace' vulnerability

WordPress Nexter Extension - Site Enhancements Toolkit plugin = 4.4.6 - Unauthenticated PHP Object Injection via 'nxtunserializereplace' vulnerability discovered by Webbernaut in WordPress Plugin Nexter Extension versions = 4.4.6...

CVE-2026-0726 Nexter Extension – Site Enhancements Toolkit <= 4.4.6 - Unauthenticated PHP Object Injection via 'nxt_unserialize_replace'

The Nexter Extension – Site Enhancements Toolkit plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 4.4.6 via deserialization of untrusted input in the 'nxtunserializereplace' function. This makes it possible for unauthenticated attackers to inject a...

CVE-2024-10936

The String locator plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 2.6.6 via deserialization of untrusted input in the 'recursiveunserializereplace' function. This makes it possible for unauthenticated attackers to inject a PHP Object. No known POP...

WordPress Backup Migration plugin <= 1.4.6 - Unauthenticated PHP Object Injection via 'recursive_unserialize_replace' vulnerability

Unauthenticated PHP Object Injection via 'recursiveunserializereplace' vulnerability discovered by Webbernaut in WordPress Plugin Backup Migration versions = 1.4.6...