21 matches found
EUVD-2024-46887
Malicious code in bioql PyPI...
EUVD-2024-48402
Malicious code in bioql PyPI...
EUVD-2025-7194
Malicious code in bioql PyPI...
EUVD-2024-48463
Malicious code in bioql PyPI...
EUVD-2024-33351
Malicious code in bioql PyPI...
EUVD-2024-17597
Malicious code in bioql PyPI...
EUVD-2025-4831
Malicious code in bioql PyPI...
CVE-2025-7504
The Friends plugin for WordPress is vulnerable to PHP Object Injection in version 3.5.1 via deserialization of untrusted input of the queryvars parameter. This makes it possible for authenticated attackers, with subscriber-level access and above, to inject a PHP Object. No known POP chain is prese...
CVE-2025-52828 WordPress Red Art theme <= 3.8 - PHP Object Injection Vulnerability
Deserialization of Untrusted Data vulnerability in designthemes Red Art redart allows Object Injection. This issue affects Red Art: from n/a through <= 3.8...
CVE-2024-13786
The education theme for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 3.6.10 via deserialization of untrusted input in the 'themerexcallbackviewmoreposts' function. This makes it possible for unauthenticated attackers to inject a PHP Object. No known POP...
WordPress Amwerk Theme <= 1.2.0 is vulnerable to PHP Object Injection
Software: Amwerk; Type: Theme; Vulnerable versions: <= 1.2.0; Fixed in: 1.3.0; OWASP Top 10: A3: Injection; Classification: PHP Object Injection; CVE: CVE-2025-52724; Patch priority: High; CVSS severity: High 9.8; PSID: 03a8b40aebf6; Credits: Bonds; Required privilege: Unauthenticated; Published...
CVE-2025-49073 WordPress Sweet Dessert < 1.1.13 - PHP Object Injection Vulnerability
Deserialization of Untrusted Data vulnerability in axiomthemes Sweet Dessert sweet-dessert allows Object Injection. This issue affects Sweet Dessert: from n/a through 1.1.13...
CVE-2023-6933
The Better Search Replace plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.4.4 via deserialization of untrusted input. This makes it possible for unauthenticated attackers to inject a PHP Object. No POP chain is present in the vulnerable plugin. I...
CVE-2025-47683 WordPress WP Maintenance plugin <= 6.1.9.7 - PHP Object Injection Vulnerability
Deserialization of Untrusted Data vulnerability in Florent Maillefaud WP Maintenance wp-maintenance allows Object Injection. This issue affects WP Maintenance: from n/a through <= 6.1.9.7...
CVE-2025-32569 WordPress TableOn plugin <= 1.0.4.3 - PHP Object Injection vulnerability
Deserialization of Untrusted Data vulnerability in RealMag777 TableOn posts-table-filterable allows Object Injection. This issue affects TableOn: from n/a through <= 1.0.4.3...
CVE-2025-30892 WordPress WpTravelly Plugin <= 1.8.7 - PHP Object Injection vulnerability
Deserialization of Untrusted Data vulnerability in magepeopleteam WpTravelly tour-booking-manager allows Object Injection. This issue affects WpTravelly: from n/a through <= 1.8.7...
CVE-2025-31074 WordPress MDJM Event Management plugin <= 1.7.5.2 - PHP Object Injection vulnerability
Deserialization of Untrusted Data vulnerability in MDJM MDJM Event Management allows Object Injection. This issue affects MDJM Event Management: from n/a through 1.7.5.2...
CVE-2025-0724
The CVE-2025-0724 entry concerns the ProfileGrid – User Profiles, Groups and Communities WordPress plugin. Affected: ProfileGrid versions up to and including 5.9.4.5. Vulnerability type: PHP Object Injection via deserialization of untrusted input in get_user_meta_fields_html. Impact: potential to...
PT-2025-12478 · WordPress · Export/Import Users/Customers
Name of the Vulnerable Software and Affected Versions: Export and Import Users and Customers plugin for WordPress versions up to, and including, 2.6.2 Description: The issue is related to PHP Object Injection via deserialization of untrusted input from the form data parameter. This allows...
CVE-2024-13410 CozyStay <= 1.7.0 and TinySalt <= 3.9.0 - Unauthenticated PHP Object Injection in ajax_handler
The CozyStay and TinySalt plugins for WordPress are vulnerable to PHP Object Injection in all versions up to, and including, 1.7.0, and in all versions up to, and including 3.9.0, respectively, via deserialization of untrusted input in the 'ajax_handler' function. This makes it possible for...