Total
2666 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2026-32502 | 2026-04-24 | N/A | 9.8 CRITICAL | ||
| Deserialization of Untrusted Data vulnerability in Select-Themes Borgholm borgholm-marketing-agency-theme allows Object Injection.This issue affects Borgholm: from n/a through < 1.6. | |||||
| CVE-2026-27083 | 2026-04-24 | N/A | 9.8 CRITICAL | ||
| Deserialization of Untrusted Data vulnerability in ThemeREX Work & Travel Company work-travel-company allows Object Injection.This issue affects Work & Travel Company: from n/a through <= 1.2. | |||||
| CVE-2026-3328 | 2026-04-24 | N/A | 7.2 HIGH | ||
| The Frontend Admin by DynamiApps plugin for WordPress is vulnerable to PHP Object Injection via deserialization of the 'post_content' of admin_form posts in all versions up to, and including, 3.28.31. This is due to the use of WordPress's `maybe_unserialize()` function without class restrictions on user-controllable content stored in admin_form post content. This makes it possible for authenticated attackers, with Editor-level access and above, to inject a PHP Object. The additional presence of a POP chain allows attackers to achieve remote code execution. | |||||
| CVE-2026-25400 | 2026-04-24 | N/A | 8.8 HIGH | ||
| Deserialization of Untrusted Data vulnerability in thememount Apicona apicona allows Object Injection.This issue affects Apicona: from n/a through <= 24.1.0. | |||||
| CVE-2026-32512 | 2026-04-24 | N/A | 9.8 CRITICAL | ||
| Deserialization of Untrusted Data vulnerability in Edge-Themes Pelicula pelicula-video-production-and-movie-theme allows Object Injection.This issue affects Pelicula: from n/a through < 1.10. | |||||
| CVE-2026-27045 | 2026-04-24 | N/A | 8.8 HIGH | ||
| Deserialization of Untrusted Data vulnerability in sbthemes WooCommerce Infinite Scroll sb-woocommerce-infinite-scroll allows Object Injection.This issue affects WooCommerce Infinite Scroll: from n/a through <= 1.6.2. | |||||
| CVE-2026-24989 | 2026-04-24 | N/A | 9.8 CRITICAL | ||
| Deserialization of Untrusted Data vulnerability in FantasticPlugins SUMO Affiliates Pro affs allows Object Injection.This issue affects SUMO Affiliates Pro: from n/a through < 11.4.0. | |||||
| CVE-2026-24976 | 2026-04-24 | N/A | 8.8 HIGH | ||
| Deserialization of Untrusted Data vulnerability in NooTheme Organici Library noo-organici-library allows Object Injection.This issue affects Organici Library: from n/a through <= 2.1.2. | |||||
| CVE-2026-25032 | 2026-04-24 | N/A | 9.8 CRITICAL | ||
| Deserialization of Untrusted Data vulnerability in park_of_ideas Ricky ricky allows Object Injection.This issue affects Ricky: from n/a through < 2.31. | |||||
| CVE-2026-25358 | 2026-04-24 | N/A | 8.8 HIGH | ||
| Deserialization of Untrusted Data vulnerability in rascals Meloo meloo allows Object Injection.This issue affects Meloo: from n/a through < 2.8.2. | |||||
| CVE-2026-24378 | 2026-04-24 | N/A | 9.8 CRITICAL | ||
| Deserialization of Untrusted Data vulnerability in Metagauss EventPrime eventprime-event-calendar-management allows Object Injection.This issue affects EventPrime: from n/a through <= 4.2.8.0. | |||||
| CVE-2026-25030 | 2026-04-24 | N/A | 9.8 CRITICAL | ||
| Deserialization of Untrusted Data vulnerability in park_of_ideas Goldish goldish allows Object Injection.This issue affects Goldish: from n/a through < 3.47. | |||||
| CVE-2026-24978 | 2026-04-24 | N/A | 8.8 HIGH | ||
| Deserialization of Untrusted Data vulnerability in NooTheme Jobica Core jobica-core allows Object Injection.This issue affects Jobica Core: from n/a through <= 1.4.1. | |||||
| CVE-2026-22510 | 2026-04-24 | N/A | 8.1 HIGH | ||
| Deserialization of Untrusted Data vulnerability in AncoraThemes Melody melodyschool allows Object Injection.This issue affects Melody: from n/a through <= 1.6.3. | |||||
| CVE-2026-23971 | 2026-04-24 | N/A | 8.1 HIGH | ||
| Deserialization of Untrusted Data vulnerability in xtemos WoodMart woodmart allows Object Injection.This issue affects WoodMart: from n/a through <= 8.3.8. | |||||
| CVE-2026-25029 | 2026-04-24 | N/A | 9.8 CRITICAL | ||
| Deserialization of Untrusted Data vulnerability in park_of_ideas KIDZ kidz allows Object Injection.This issue affects KIDZ: from n/a through <= 5.24. | |||||
| CVE-2026-22480 | 2026-04-24 | N/A | 7.2 HIGH | ||
| Deserialization of Untrusted Data vulnerability in WebToffee Product Feed for WooCommerce webtoffee-product-feed allows Object Injection.This issue affects Product Feed for WooCommerce: from n/a through <= 2.3.3. | |||||
| CVE-2026-25359 | 2026-04-24 | N/A | 8.8 HIGH | ||
| Deserialization of Untrusted Data vulnerability in rascals Pendulum pendulum allows Object Injection.This issue affects Pendulum: from n/a through < 3.1.5. | |||||
| CVE-2026-22507 | 2026-04-24 | N/A | 9.8 CRITICAL | ||
| Deserialization of Untrusted Data vulnerability in AncoraThemes Beelove beelove allows Object Injection.This issue affects Beelove: from n/a through <= 1.2.6. | |||||
| CVE-2026-22500 | 2026-04-24 | N/A | 9.8 CRITICAL | ||
| Deserialization of Untrusted Data vulnerability in axiomthemes m2 | Construction and Tools Store m2-ce allows Object Injection.This issue affects m2 | Construction and Tools Store: from n/a through <= 1.1.2. | |||||