Vulnerabilities > Deserialization of Untrusted Data
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2025-03-01 | CVE-2024-13833 | The Album Gallery – WordPress Gallery plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.6.3 via deserialization of untrusted input from gallery meta. | 7.2 |
| 2025-02-28 | CVE-2024-13831 | Deserialization of Untrusted Data vulnerability in Wpbranch Tabs for Woocommerce 1.0.0 The Tabs for WooCommerce plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.0.0 via deserialization of untrusted input in the 'product_has_custom_tabs' function. | 7.2 |
| 2025-02-27 | CVE-2025-1741 | A vulnerability classified as problematic was found in b1gMail up to 7.4.1-pl1. | 4.7 |
| 2025-02-22 | CVE-2025-1556 | A vulnerability, which was classified as problematic, has been found in westboy CicadasCMS 1.0. | 4.7 |
| 2025-02-22 | CVE-2024-13899 | Deserialization of Untrusted Data vulnerability in Misterpah Mambo Joomla Importer 1.0 The Mambo Importer plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.0 via deserialization of untrusted input via the $data parameter in the fImportMenu function. | 7.2 |
| 2025-02-20 | CVE-2024-13789 | Deserialization of Untrusted Data vulnerability in Matiskiba Ravpage The ravpage plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 2.31 via deserialization of untrusted input from the 'paramsv2' parameter. | 9.8 |
| 2025-02-19 | CVE-2024-28777 | IBM Cognos Controller 11.0.0 through 11.0.1 FP3 and IBM Controller 11.1.0 is vulnerable to unrestricted deserialization. | 8.8 |
| 2025-02-19 | CVE-2024-45084 | IBM Cognos Controller 11.0.0 through 11.0.1 FP3 and IBM Controller 11.1.0 could allow an authenticated attacker to conduct formula injection. | 8.0 |
| 2025-02-18 | CVE-2024-13636 | Deserialization of Untrusted Data vulnerability in Unitedthemes Brooklyn 4.9.7.6 The Brooklyn theme for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 4.9.9.2 via deserialization of untrusted input in the ot_decode function. | 8.8 |
| 2025-02-18 | CVE-2024-13556 | Deserialization of Untrusted Data vulnerability in Wecantrack Affiliate Links The Affiliate Links: WordPress Plugin for Link Cloaking and Link Management plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 3.0.1 via deserialization of untrusted input from an file export. | 9.8 |