Vulnerabilities > Deserialization of Untrusted Data

DATE CVE VULNERABILITY TITLE RISK
2025-01-07 CVE-2024-12313 The Compare Products for WooCommerce plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 3.2.1 via deserialization of untrusted input from the 'woo_compare_list' cookie.
network
high complexity
CWE-502
8.1
2025-01-05 CVE-2024-13136 Deserialization of Untrusted Data vulnerability in Wangl1989 Mysiteforme 1.0
A vulnerability was found in wangl1989 mysiteforme 1.0 and classified as critical.
network
low complexity
wangl1989 CWE-502
critical
9.8
2025-01-04 CVE-2024-10932 The Backup Migration plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.4.6 via deserialization of untrusted input in the 'recursive_unserialize_replace' function.
network
low complexity
CWE-502
8.8
2024-12-25 CVE-2024-52046 Deserialization of Untrusted Data vulnerability in Apache Mina
The ObjectSerializationDecoder in Apache MINA uses Java’s native deserialization protocol to process incoming serialized data but lacks the necessary security checks and defenses.
network
low complexity
apache CWE-502
critical
9.8
2024-12-21 CVE-2024-12721 Deserialization of Untrusted Data vulnerability in Webbuilder143 Custom Product Tabs for Woocommerce
The Custom Product Tabs For WooCommerce plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.2.4 via deserialization of untrusted input from the 'wb_custom_tabs' parameter.
network
low complexity
webbuilder143 CWE-502
7.2
2024-12-16 CVE-2024-10095 Deserialization of Untrusted Data vulnerability in Telerik UI for WPF
In Progress Telerik UI for WPF versions prior to 2024 Q4 (2024.4.1213), a code execution attack is possible through an insecure deserialization vulnerability.
network
low complexity
telerik CWE-502
critical
9.8
2024-12-16 CVE-2024-54367 Deserialization of Untrusted Data vulnerability in Ultimatemember Forumwp
Deserialization of Untrusted Data vulnerability in ForumWP ForumWP allows Object Injection.This issue affects ForumWP: from n/a through 2.1.0.
network
low complexity
ultimatemember CWE-502
critical
9.8
2024-12-12 CVE-2024-49147 Deserialization of Untrusted Data vulnerability in Microsoft Update Catalog
Deserialization of untrusted data in Microsoft Update Catalog allows an unauthorized attacker to elevate privileges on the website’s webserver.
network
low complexity
microsoft CWE-502
critical
9.8
2024-12-12 CVE-2024-12312 The Print Science Designer plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.3.152 via deserialization of untrusted input through the 'designer-saved-projects' cookie.
network
high complexity
CWE-502
8.1
2024-12-12 CVE-2024-49063 Deserialization of Untrusted Data vulnerability in Microsoft Muzic
Microsoft/Muzic Remote Code Execution Vulnerability
local
low complexity
microsoft CWE-502
8.4