Vulnerabilities > Deserialization of Untrusted Data
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2025-01-11 | CVE-2024-12877 | Deserialization of Untrusted Data vulnerability in Givewp The GiveWP – Donation Plugin and Fundraising Platform plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 3.19.2 via deserialization of untrusted input from the donation form like 'firstName'. | 9.8 |
| 2025-01-11 | CVE-2024-12627 | The Coupon X: Discount Pop Up, Promo Code Pop Ups, Announcement Pop Up, WooCommerce Popups plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.3.5 via deserialization of untrusted input from post content passed to the capture_email AJAX action. | 7.5 |
| 2025-01-07 | CVE-2024-11465 | Deserialization of Untrusted Data vulnerability in Yikesinc Custom Product Tabs for Woocommerce The Custom Product Tabs for WooCommerce plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.8.5 via deserialization of untrusted input in the 'yikes_woo_products_tabs' post meta parameter. | 7.2 |
| 2025-01-07 | CVE-2024-12313 | The Compare Products for WooCommerce plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 3.2.1 via deserialization of untrusted input from the 'woo_compare_list' cookie. | 8.1 |
| 2025-01-05 | CVE-2024-13136 | Deserialization of Untrusted Data vulnerability in Wangl1989 Mysiteforme 1.0 A vulnerability was found in wangl1989 mysiteforme 1.0 and classified as critical. | 9.8 |
| 2025-01-04 | CVE-2024-10932 | The Backup Migration plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.4.6 via deserialization of untrusted input in the 'recursive_unserialize_replace' function. | 8.8 |
| 2024-12-25 | CVE-2024-52046 | Deserialization of Untrusted Data vulnerability in Apache Mina The ObjectSerializationDecoder in Apache MINA uses Java’s native deserialization protocol to process incoming serialized data but lacks the necessary security checks and defenses. | 9.8 |
| 2024-12-21 | CVE-2024-12721 | Deserialization of Untrusted Data vulnerability in Webbuilder143 Custom Product Tabs for Woocommerce The Custom Product Tabs For WooCommerce plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.2.4 via deserialization of untrusted input from the 'wb_custom_tabs' parameter. | 7.2 |
| 2024-12-16 | CVE-2024-10095 | Deserialization of Untrusted Data vulnerability in Telerik UI for WPF In Progress Telerik UI for WPF versions prior to 2024 Q4 (2024.4.1213), a code execution attack is possible through an insecure deserialization vulnerability. | 9.8 |
| 2024-12-16 | CVE-2024-54367 | Deserialization of Untrusted Data vulnerability in Ultimatemember Forumwp Deserialization of Untrusted Data vulnerability in ForumWP ForumWP allows Object Injection.This issue affects ForumWP: from n/a through 2.1.0. | 9.8 |