Vulnerabilities > Deserialization of Untrusted Data
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2025-02-18 | CVE-2024-13636 | Deserialization of Untrusted Data vulnerability in Unitedthemes Brooklyn 4.9.7.6: The Brooklyn theme for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 4.9.9.2 via deserialization of untrusted input in the ot_decode function. | 8.8 |
2025-02-18 | CVE-2024-13556 | Deserialization of Untrusted Data vulnerability in Wecantrack Affiliate Links: The Affiliate Links: WordPress Plugin for Link Cloaking and Link Management plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 3.0.1 via deserialization of untrusted input from a file export. | 9.8 |
2025-02-15 | CVE-2024-12562 | Deserialization of Untrusted Data vulnerability in S2Member: The s2Member Pro plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 241216 via deserialization of untrusted input from the vulnerable 's2member_pro_remote_op' parameter. | 9.8 |
2025-02-13 | CVE-2024-13770 | Deserialization of Untrusted Data vulnerability in Themerex Puzzles: The Puzzles \| WP Magazine / Review with Store WordPress Theme + RTL theme for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 4.2.4 via deserialization of untrusted input from the 'view_more_posts' AJAX action. | 9.8 |
2025-02-11 | CVE-2025-1177 | Deserialization of Untrusted Data vulnerability in Xunruicms 4.6.3: A vulnerability was found in dayrui XunRuiCMS 4.6.3. | 9.8 |
2025-02-07 | CVE-2024-9664 | Deserialization of Untrusted Data vulnerability in Soflyy WP ALL Import: The WP All Import Pro plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 4.9.7 via deserialization of untrusted input from an import file. | 7.2 |
2025-02-05 | CVE-2025-20124 | Deserialization of Untrusted Data vulnerability in Cisco Identity Services Engine: A vulnerability in an API of Cisco ISE could allow an authenticated, remote attacker to execute arbitrary commands as the root user on an affected device. This vulnerability is due to insecure deserialization of user-supplied Java byte streams by the affected software. | 7.2 |
2025-02-03 | CVE-2025-0974 | A vulnerability, which was classified as critical, has been found in MaxD Lightning Module 4.43 on OpenCart. | 5.0 |
2025-01-30 | CVE-2024-13742 | Deserialization of Untrusted Data vulnerability in Icontrolwp: The iControlWP – Multiple WordPress Site Manager plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 4.4.5 via deserialization of untrusted input from the reqpars parameter. | 9.8 |
2025-01-29 | CVE-2025-0841 | A vulnerability has been found in Aridius XYZ up to 20240927 on OpenCart and classified as critical. | 7.3 |