Unauthenticated PHP Object Injection in Integration for Mailchimp and Contact Form 7, WPForms, Elementor, Ninja Forms <= 1.1.8 versions.
Unauthenticated PHP Object Injection in Reisen <= 1.4.1 versions.
An issue was discovered in Kiamo before 8.4 allowing authenticated administrative attackers to execute arbitrary PHP code on the server. NOTE: the Supplier's position is that this is "a historical and
Unauthenticated PHP Object Injection in Hiroshi <= 1.5.1 versions.
Unauthenticated PHP Object Injection in JetEngine <= 3.8.10 versions.
Unauthenticated PHP Object Injection in Alukas < 3.0.0 versions.
Unauthenticated PHP Object Injection in WP Travel Engine <= 6.7.12 versions.
Unauthenticated PHP Object Injection in Integration for Salesforce and Contact Form 7, WPForms, Elementor, Formidable, Ninja Forms <= 1.4.3 versions.
Unauthenticated PHP Object Injection in ThemeREX Addons <= 2.36.1.1 versions.
Unauthenticated PHP Object Injection in Manufaktur Solutions <= 1.1.1 versions.
Unauthenticated PHP Object Injection in Behold <= 1.5 versions.
An authenticated command injection vulnerability exists in Tiki Wiki CMS versions ≤14.1, ≤12.4 LTS, ≤9.10 LTS, and ≤6.14 via the `viewmode` GET parameter in `tiki-calendar.php`. When the calendar modu
Unauthenticated PHP Object Injection in WooCommerce Product Filters < 2.0.6 versions.
Unauthenticated PHP Object Injection in Alloggio - Hotel Booking <= 2.1.2 versions.
Unauthenticated PHP Object Injection in AI Lab < 5.4.2 versions.
Unauthenticated PHP Object Injection in Laurits <= 1.5.1 versions.
Unauthenticated PHP Object Injection in Elementra <= 1.0.9 versions.
Contributor PHP Object Injection in Anti-Malware Security and Brute-Force Firewall <= 4.23.87 versions.
UNA CMS versions 9.0.0-RC1 - 14.0.0-RC4 contain a PHP object injection vulnerability in BxBaseMenuSetAclLevel.php where the profile_id POST parameter is passed to PHP unserialize() without proper hand
Unauthenticated PHP Object Injection in Zoya <= 1.4 versions.