Total
2666 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2026-27096 | 2026-04-28 | N/A | 8.1 HIGH | ||
| Deserialization of Untrusted Data vulnerability in BuddhaThemes ColorFolio - Freelance Designer WordPress Theme allows Object Injection.This issue affects ColorFolio - Freelance Designer WordPress Theme: from n/a through 1.3. | |||||
| CVE-2026-25445 | 2026-04-28 | N/A | 8.8 HIGH | ||
| Deserialization of Untrusted Data vulnerability in Membership Software WishList Member X allows Object Injection.This issue affects WishList Member X: from n/a through 3.29.0. | |||||
| CVE-2026-22471 | 2026-04-28 | N/A | 8.8 HIGH | ||
| Deserialization of Untrusted Data vulnerability in maximsecudeal Secudeal Payments for Ecommerce secudeal-payments-for-ecommerce allows Object Injection.This issue affects Secudeal Payments for Ecommerce: from n/a through <= 1.1. | |||||
| CVE-2026-22417 | 2026-04-28 | N/A | 9.8 CRITICAL | ||
| Deserialization of Untrusted Data vulnerability in ThemeGoods Grand Wedding grandwedding allows Object Injection.This issue affects Grand Wedding: from n/a through < 3.1.11. | |||||
| CVE-2026-22384 | 2026-04-28 | N/A | 9.8 CRITICAL | ||
| Deserialization of Untrusted Data vulnerability in leafcolor Applay - Shortcodes applay-shortcodes allows Object Injection.This issue affects Applay - Shortcodes: from n/a through <= 3.7. | |||||
| CVE-2025-60237 | 2026-04-28 | N/A | 9.8 CRITICAL | ||
| Deserialization of Untrusted Data vulnerability in Themeton Finag allows Object Injection.This issue affects Finag: from n/a through 1.5.0. | |||||
| CVE-2025-60233 | 2026-04-28 | N/A | 9.8 CRITICAL | ||
| Deserialization of Untrusted Data vulnerability in Themeton Zuut allows Object Injection.This issue affects Zuut: from n/a through 1.4.2. | |||||
| CVE-2025-53243 | 2026-04-28 | N/A | 8.1 HIGH | ||
| Deserialization of Untrusted Data vulnerability in emarket-design Employee Directory – Staff Listing & Team Directory Plugin for WordPress employee-directory allows Object Injection.This issue affects Employee Directory – Staff Listing & Team Directory Plugin for WordPress: from n/a through <= 4.5.5. | |||||
| CVE-2025-52826 | 2026-04-28 | N/A | 8.8 HIGH | ||
| Deserialization of Untrusted Data vulnerability in uxper Sala allows Object Injection. This issue affects Sala: from n/a through 1.1.3. | |||||
| CVE-2025-49438 | 2026-04-28 | N/A | 8.1 HIGH | ||
| Deserialization of Untrusted Data vulnerability in Max Chirkov Simple Login Log allows Object Injection. This issue affects Simple Login Log: from n/a through 1.1.3. | |||||
| CVE-2025-48101 | 2026-04-28 | N/A | 8.8 HIGH | ||
| Deserialization of Untrusted Data vulnerability in webdevstudios Constant Contact for WordPress allows Object Injection. This issue affects Constant Contact for WordPress: from n/a through 4.1.1. | |||||
| CVE-2025-47582 | 2026-04-28 | N/A | 9.8 CRITICAL | ||
| Deserialization of Untrusted Data vulnerability in QuantumCloud WPBot Pro Wordpress Chatbot allows Object Injection.This issue affects WPBot Pro Wordpress Chatbot: from n/a through 12.7.0. | |||||
| CVE-2025-47553 | 2026-04-28 | N/A | 8.8 HIGH | ||
| Deserialization of Untrusted Data vulnerability in Digital zoom studio DZS Video Gallery allows Object Injection.This issue affects DZS Video Gallery: from n/a through 12.25. | |||||
| CVE-2025-47552 | 2026-04-28 | N/A | 9.8 CRITICAL | ||
| Deserialization of Untrusted Data vulnerability in Digital zoom studio DZS Video Gallery allows Object Injection.This issue affects DZS Video Gallery: from n/a through 12.37. | |||||
| CVE-2025-39410 | 2026-04-28 | N/A | 9.8 CRITICAL | ||
| Deserialization of Untrusted Data vulnerability in themegusta Smart Sections Theme Builder - WPBakery Page Builder Addon.This issue affects Smart Sections Theme Builder - WPBakery Page Builder Addon: from n/a through 1.7.8. | |||||
| CVE-2025-31927 | 2026-04-28 | N/A | 9.8 CRITICAL | ||
| Deserialization of Untrusted Data vulnerability in themeton Acerola allows Object Injection. This issue affects Acerola: from n/a through 1.6.5. | |||||
| CVE-2025-31919 | 2026-04-28 | N/A | 9.8 CRITICAL | ||
| Deserialization of Untrusted Data vulnerability in themeton Spare allows Object Injection. This issue affects Spare: from n/a through 1.7. | |||||
| CVE-2025-31430 | 2026-04-28 | N/A | 9.8 CRITICAL | ||
| Deserialization of Untrusted Data vulnerability in themeton The Business allows Object Injection. This issue affects The Business: from n/a through 1.6.1. | |||||
| CVE-2025-31429 | 2026-04-28 | N/A | 9.8 CRITICAL | ||
| Deserialization of Untrusted Data vulnerability in themeton PressGrid - Frontend Publish Reaction & Multimedia Theme allows Object Injection. This issue affects PressGrid - Frontend Publish Reaction & Multimedia Theme: from n/a through 1.3.1. | |||||
| CVE-2025-31398 | 2026-04-28 | N/A | 9.8 CRITICAL | ||
| Deserialization of Untrusted Data vulnerability in themeton PIMP - Creative MultiPurpose allows Object Injection. This issue affects PIMP - Creative MultiPurpose: from n/a through 1.7. | |||||