| 2025-03-14 | CVE-2024-13824 | Deserialization of Untrusted Data vulnerability in Potenzaglobalsolutions Ciyashop
The CiyaShop - Multipurpose WooCommerce Theme theme for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 4.19.0 via deserialization of untrusted input in the 'add_ciyashop_wishlist' and 'ciyashop_get_compare' functions. | 9.8 |
| 2025-03-13 | CVE-2024-10942 | The All-in-One WP Migration and Backup plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 7.89 via deserialization of untrusted input in the 'replace_serialized_values' function. | 7.5 |
| 2025-03-07 | CVE-2024-13906 | The Gallery by BestWebSoft – Customizable Image and Photo Galleries for WordPress plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 4.7.3 via deserialization of untrusted input in the 'import_gallery_from_csv' function. | 7.2 |
| 2025-03-06 | CVE-2025-2043 | A vulnerability was found in LinZhaoguan pb-cms 1.0.0 and classified as critical. | 4.7 |
| 2025-03-05 | CVE-2024-13777 | The ZoomSounds - WordPress Wave Audio Player with Playlist plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 6.91 via deserialization of untrusted input from the 'margs' parameter. | 8.1 |
| 2025-03-05 | CVE-2024-13787 | The VEDA - MultiPurpose WordPress Theme theme for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 4.2 via deserialization of untrusted input in the 'veda_backup_and_restore_action' function. network low complexity CWE-502 critical | 9.8 |
| 2025-03-04 | CVE-2025-0912 | Deserialization of Untrusted Data vulnerability in Givewp
The Donations Widget plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 3.19.4 via deserialization of untrusted input from the Donation Form through the 'card_address' parameter. | 9.8 |
| 2025-03-03 | CVE-2025-26967 | Deserialization of Untrusted Data vulnerability in Stiofan Events Calendar for GeoDirectory allows Object Injection. | 8.8 |
| 2025-03-01 | CVE-2024-13833 | The Album Gallery – WordPress Gallery plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.6.3 via deserialization of untrusted input from gallery meta. | 7.2 |
| 2025-02-28 | CVE-2024-13831 | Deserialization of Untrusted Data vulnerability in Wpbranch Tabs for Woocommerce 1.0.0
The Tabs for WooCommerce plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.0.0 via deserialization of untrusted input in the 'product_has_custom_tabs' function. | 7.2 |