EUVD-2025-38132

Deserialization of Untrusted Data vulnerability in Cristián Lávaque s2Member s2member allows Object Injection.This issue affects s2Member: from n/a through = 250701...

CVE-2025-58998

The CVE-2025-58998 entry documents a deserialization-based PHP Object Injection vulnerability in the WordPress plugin s2Member up to version 250701 (and earlier). The root cause is deserializing untrusted data, enabling object injection with potential impact on confidentiality, integrity, and ava...

WordPress s2Member Plugin <= 250701 - PHP Object Injection Vulnerability

PHP Object Injection Vulnerability discovered by ChuongVN in WordPress Plugin s2Member versions = 250701...