Syntax: kev:true severity:critical epss:>0.95 vendor:cisco patch:false
Filters
Severity
Exploitation
Data Source
Data Quality
Vendor
CWE — Weakness Type
Clear all
Top 20 matches Showing top matches — use filters or a more specific query to narrow
The Timeline Event History plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 3.1 via deserialization of untrusted input 'timelines-data' parameter. This
The The Next theme for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.1.0 via deserialization of untrusted input from the wpeden_post_meta post meta value. Thi
The MultiPurpose theme for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.2.0 via deserialization of untrusted input through the 'wpeden_post_meta' post meta.
The Gallery plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.3 via deserialization of untrusted input from wd_gallery_$id parameter. This makes it pos
The All-in-One WP Migration and Backup plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 7.89 via deserialization of untrusted input in the 'replace_seri
The LearnPress – Backup & Migration Tool plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 4.1.4 via deserialization of untrusted input . This makes it p
The News Flash theme for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.1.0 via deserialization of untrusted input from the newsflash_post_meta meta value. Thi
The Clone plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 2.4.6 via deserialization of untrusted input in the 'recursive_unserialized_replace' function
The Academy LMS – WordPress LMS Plugin for Complete eLearning Solution plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 3.3.8 via deserialization of unt
The Grid View Gallery plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.0 via deserialization of untrusted input from cs_all_photos_details parameter.
The Album Gallery – WordPress Gallery plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.6.3 via deserialization of untrusted input from gallery meta. T
CVE-2025-0855
CRITICAL CVSS 9.8
Find Similar
The PGS Core plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 5.8.0 via deserialization of untrusted input in the 'import_header' function. This makes i
The Live Composer – Free WordPress Website Builder plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 2.0.2 via deserialization of untrusted input in the
CVE-2024-13786
CRITICAL CVSS 9.8
Find Similar
The education theme for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 3.6.10 via deserialization of untrusted input in the 'themerex_callback_view_more_posts' f
The Timeline Event History plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the `id` parameter in all versions up to, and including, 3.2 due to insufficient input sanitization
The Glossary by WPPedia – Best Glossary plugin for WordPress plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.3.0 via deserialization of untrusted inp
The Backup Migration plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.4.6 via deserialization of untrusted input in the 'recursive_unserialize_replace
The WordPress Importer plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 0.8.3 via deserialization of untrusted input in the 'maybe_unserialize' function
The Print Science Designer plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.3.152 via deserialization of untrusted input through the 'designer-saved-p
The Smart Post Show – Post Grid, Post Carousel & Slider, and List Category Posts plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 3.0.12 via deserializa
Page 1+ Next →