CVE-2017-18605

The gravitate-qa-tracker plugin through 1.2.1 for WordPress has PHP Object Injection...

EUVD-2020-24160

Malware in sbrugna...

EUVD-2023-44011

Malicious code in bioql PyPI...

EUVD-2025-6804

Malicious code in bioql PyPI...

EUVD-2024-34137

Malicious code in bioql PyPI...

EUVD-2024-17517

Malicious code in bioql PyPI...

WordPress Content Egg plugin <= 7.0.0 - PHP Object Injection Vulnerability

PHP Object Injection Vulnerability discovered by timomangcut in WordPress Plugin Content Egg versions = 7.0.0...

WordPress JetFormBuilder plugin <= 3.5.1.2 - PHP Object Injection Vulnerability

PHP Object Injection Vulnerability discovered by Que Thanh Tuan Blue Rock in WordPress Plugin JetFormBuilder versions = 3.5.1.2...

WordPress Friends plugin <= 3.5.1 - Authenticated (Admin+) PHP Object Injection vulnerability

Authenticated Admin+ PHP Object Injection vulnerability discovered by Pham Nguyen Khoa in WordPress Plugin Friends versions = 3.5.1...

WordPress URL Shortener <= 3.0.7 - PHP Object Injection Vulnerability

PHP Object Injection Vulnerability discovered by ch4r0n in WordPress Plugin URL Shortener versions = 3.0.7...

WordPress Site Chat on Telegram plugin <= 1.0.4 - PHP Object Injection Vulnerability

PHP Object Injection Vulnerability discovered by Drew / mcdruid in WordPress Plugin Site Chat on Telegram versions = 1.0.4...

WordPress WP Optimize By xTraffic plugin <= 5.1.6 - PHP Object Injection Vulnerability

PHP Object Injection Vulnerability discovered by timomangcut in WordPress Plugin WP Optimize By xTraffic versions = 5.1.6...

CVE-2023-1405

The Formidable Forms WordPress plugin before 6.2 unserializes user input, which could allow anonymous users to perform PHP Object Injection when a suitable gadget is present...

CVE-2022-3900

The Cooked Pro WordPress plugin before 1.7.5.7 does not properly validate or sanitize the recipeargs parameter before unserializing it in the cookedloadmore action, allowing an unauthenticated attacker to trigger a PHP Object injection vulnerability...

CVE-2022-3366

The PublishPress Capabilities WordPress plugin before 2.5.2, PublishPress Capabilities Pro WordPress plugin before 2.5.2 unserializes the content of imported files, which could lead to PHP object injection attacks by administrators, on multisite WordPress configurations. Successful exploitation i...

CVE-2025-4803 Glossary by WPPedia <= 1.3.0 - Authenticated (Administrator+) PHP Object Injection

The Glossary by WPPedia – Best Glossary plugin for WordPress plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.3.0 via deserialization of untrusted input from the 'posttypes' parameter. This makes it possible for authenticated attackers, with...

WordPress Goodlayers Hotel plugin <= 3.1.4 - PHP Object Injection vulnerability

PHP Object Injection vulnerability discovered by Bonds in WordPress Plugin Goodlayers Hotel versions = 3.1.4...

WordPress Grand Conference theme <= 5.3 - PHP Object Injection vulnerability

PHP Object Injection vulnerability discovered by Bonds in WordPress Theme Grand Conference versions = 5.3...

WordPress Team Members plugin <= 3.4.4 - PHP Object Injection Vulnerability

PHP Object Injection Vulnerability discovered by Phat RiO - BlueRock in WordPress Plugin Team Members Plugin versions = 3.4.4...

WordPress GNUCommerce plugin <= 1.5.4 - PHP Object Injection vulnerability

PHP Object Injection vulnerability discovered by LVT-tholv2k Patchstack Alliance in WordPress Plugin GNUCommerce versions = 1.5.4...