| 2025-03-04 | CVE-2025-0912 | Deserialization of Untrusted Data vulnerability in Givewp
The Donations Widget plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 3.19.4 via deserialization of untrusted input from the Donation Form through the 'card_address' parameter. | 9.8 |
| 2025-03-03 | CVE-2025-26967 | Deserialization of Untrusted Data vulnerability in Stiofan Events Calendar for GeoDirectory allows Object Injection. | 8.8 |
| 2025-03-01 | CVE-2024-13833 | The Album Gallery – WordPress Gallery plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.6.3 via deserialization of untrusted input from gallery meta. | 7.2 |
| 2025-02-28 | CVE-2024-13831 | Deserialization of Untrusted Data vulnerability in Wpbranch Tabs for Woocommerce 1.0.0
The Tabs for WooCommerce plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.0.0 via deserialization of untrusted input in the 'product_has_custom_tabs' function. | 7.2 |
| 2025-02-27 | CVE-2025-1741 | A vulnerability classified as problematic was found in b1gMail up to 7.4.1-pl1. | 4.7 |
| 2025-02-22 | CVE-2025-1556 | A vulnerability, which was classified as problematic, has been found in westboy CicadasCMS 1.0. | 4.7 |
| 2025-02-22 | CVE-2024-13899 | Deserialization of Untrusted Data vulnerability in Misterpah Mambo Joomla Importer 1.0
The Mambo Importer plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.0 via deserialization of untrusted input via the $data parameter in the fImportMenu function. | 7.2 |
| 2025-02-20 | CVE-2024-13789 | Deserialization of Untrusted Data vulnerability in Matiskiba Ravpage
The ravpage plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 2.31 via deserialization of untrusted input from the 'paramsv2' parameter. | 9.8 |
| 2025-02-19 | CVE-2024-28777 | IBM Cognos Controller 11.0.0 through 11.0.1 FP3 and IBM Controller 11.1.0 is vulnerable to unrestricted deserialization. | 8.8 |
| 2025-02-19 | CVE-2024-45084 | IBM Cognos Controller 11.0.0 through 11.0.1 FP3 and IBM Controller 11.1.0 could allow an authenticated attacker to conduct formula injection. | 8.0 |