Deserialization of Untrusted Data vulnerability in AncoraThemes Umberto umberto allows Object Injection.This issue affects Umberto: from n/a through <= 1.2.8.
Deserialization of Untrusted Data vulnerability in dmcwebzone Airin Blog airin-blog allows Object Injection.This issue affects Airin Blog: from n/a through <= 1.6.1.
Deserialization of Untrusted Data vulnerability in ThemeREX Dentario dentario allows Object Injection.This issue affects Dentario: from n/a through <= 1.5.
Deserialization of Untrusted Data vulnerability in designthemes Crafts & Arts crafts-and-arts allows Object Injection.This issue affects Crafts & Arts: from n/a through <= 2.5.
Deserialization of Untrusted Data vulnerability in rascals Noisa noisa allows Object Injection.This issue affects Noisa: from n/a through <= 2.6.0.
Deserialization of Untrusted Data vulnerability in Themeton Lagom allows Object Injection.
This issue affects Lagom: from n/a through 2.0.
Deserialization of Untrusted Data vulnerability in EMV Creatify allows Object Injection.
This issue affects Creatify: from n/a through 1.5.
Deserialization of Untrusted Data vulnerability in Chouby Polylang polylang allows Object Injection.This issue affects Polylang: from n/a through <= 3.7.3.
MSFM before 2025.01.01 was discovered to contain a fastjson deserialization vulnerability via the component system/table/addField.
Deserialization of Untrusted Data vulnerability in plainware Locatoraid Store Locator locatoraid allows Object Injection.This issue affects Locatoraid Store Locator: from n/a through <= 3.9.50.
Deserialization of Untrusted Data vulnerability in sbouey Falang multilanguage falang allows Object Injection.This issue affects Falang multilanguage: from n/a through <= 1.3.65.
Deserialization of Untrusted Data vulnerability in denniskravetstns VRPConnector vrpconnector allows Object Injection.This issue affects VRPConnector: from n/a through <= 2.0.1.
Deserialization of Untrusted Data vulnerability in Saad Iqbal myCred mycred.This issue affects myCred: from n/a through <= 2.7.2.
CWE-502: Deserialization of Untrusted Data vulnerability exists that could allow code to be
remotely executed on the server when unsafely deserialized data is posted to the web server.
Deserialization of Untrusted Data vulnerability in Hernan Villanueva Boldermail boldermail allows Object Injection.This issue affects Boldermail: from n/a through <= 2.4.0.
Deserialization of Untrusted Data vulnerability in Cristián Lávaque s2Member s2member allows Object Injection.This issue affects s2Member: from n/a through <= 250701.
Deserialization of Untrusted Data vulnerability in MotoPress Timetable and Event Schedule allows Object Injection.This issue affects Timetable and Event Schedule: from n/a through 2.4.13.
Deserialization of Untrusted Data vulnerability in plainware PlainInventory z-inventory-manager allows Object Injection.This issue affects PlainInventory: from n/a through <= 3.1.6.
Deserialization of Untrusted Data vulnerability in BoldThemes Amwerk amwerk allows Object Injection.This issue affects Amwerk: from n/a through <= 1.2.0.
Deserialization of Untrusted Data vulnerability in AncoraThemes Morning Records morning-records allows Object Injection.This issue affects Morning Records: from n/a through <= 1.2.