Weaknesses of type CWE-502
2,257 resultsCVE-2024-13831HIGHTabs for WooCommerce <= 1.0.0 - Authentiated (Shop Manager+) PHP Object Injection in product_has_custom_tabsEPSS 0.5%CVE-2025-2566CRITICALDeserialization of Untrusted Data in Kaleris Navis N4EPSS 0.5%CVE-2026-3328HIGHFrontend Admin by DynamiApps <= 3.28.31 - Authenticated (Editor+) PHP Object Injection via 'post_content' of Admin Form PostsEPSS 0.5%CVE-2024-12994MEDIUMrunning-elephant Datart File Upload import extractModel deserializationEPSS 0.5%CVE-2024-6644MEDIUMzmops ArgusDBM AviatorScript CalculateAlarm.java getDefaultClassLoader deserializationEPSS 0.5%CVE-2025-9260MEDIUMFluent Forms – Customizable Contact Forms, Survey, Quiz, & Conversational Form Builder 5.1.16 - 6.1.1 - Authenticated (Subscriber+) PHP Object Injection To Arbitrary File ReadEPSS 0.5%CVE-2024-12627HIGHCoupon X: Discount Pop Up, Promo Code Pop Ups, Announcement Pop Up, WooCommerce Popups <= 1.3.5 - Missing Authorization to Authenticated (Contributor+) PHP Object InjectionEPSS 0.5%CVE-2025-34292CRITICALBeWelcome/Rox PHP Object Injection RCEEPSS 0.5%CVE-2025-60232CRITICALWordPress KBx Pro Ultimate plugin <= 8.0.5 - PHP Object Injection vulnerabilityEPSS 0.5%CVE-2025-60224CRITICALWordPress Subscribe to Download plugin <= 2.0.9 - PHP Object Injection vulnerabilityEPSS 0.5%CVE-2025-60226CRITICALWordPress White Rabbit theme <= 1.5.2 - PHP Object Injection vulnerabilityEPSS 0.5%CVE-2025-60216CRITICALWordPress Addison theme < 1.4.8 - PHP Object Injection vulnerabilityEPSS 0.5%CVE-2025-62025CRITICALWordPress JobSearch plugin < 3.0.8 - PHP Object Injection vulnerabilityEPSS 0.5%CVE-2025-51427HIGHAn issue was discovered in ModelScope 1.25.0 allowing attackers to execute arbitrary code via crafted module listed in the configuration filEPSS 0.5%CVE-2025-60209CRITICALWordPress Connector for Gravity Forms and Google Sheets plugin <= 1.2.6 - PHP Object Injection vulnerabilityEPSS 0.5%CVE-2025-60213CRITICALWordPress Scape theme <= 1.5.13 - PHP Object Injection vulnerabilityEPSS 0.5%CVE-2026-35464HIGHpyLoad has an incomplete fix for CVE-2026-33509: unprotected storage_folder enables arbitrary file write to Flask session store and code executionEPSS 0.5%CVE-2025-60221CRITICALWordPress Captivate Sync Plugin <= 3.0.3 - PHP Object Injection VulnerabilityEPSS 0.5%CVE-2025-60238CRITICALWordPress UNIVERSAM plugin <= 9.04.02 - PHP Object Injection vulnerabilityEPSS 0.5%CVE-2024-43354CRITICALWordPress myCred plugin <= 2.7.2 - PHP Object Injection vulnerabilityEPSS 0.5%