CVE Vulnerabilities
CVE database enriched with CISA KEV and NVD
| CVE ID and description | CVSS | Severity | KEV | Observations |
|---|---|---|---|---|
| CVE-2026-25429 Deserialization of Untrusted Data vulnerability in wpdive Nexa Blocks nexa-blocks allows Object Injection. This issue affects Nexa Blocks: from n/a through <= 1.1.1. | 9.8 | CRITICAL | — | 0 |
| CVE-2025-27286 Deserialization of Untrusted Data vulnerability in saoshyant1994 Saoshyant Slider saoshyant-slider allows Object Injection. This issue affects Saoshyant Slider: from n/a through <= 3.0. | 9.8 | CRITICAL | — | 0 |
| CVE-2025-49330 Deserialization of Untrusted Data vulnerability in CRM Perks Integration for Contact Form 7 and Zoho CRM, Bigin cf7-zoho allows Object Injection. This issue affects Integration for Contact Form 7 and Z... | 9.8 | CRITICAL | — | 0 |
| CVE-2024-43222 Missing Authorization vulnerability in SeventhQueen Sweet Date sweetdate allows Privilege Escalation. This issue affects Sweet Date: from n/a through <= 3.7.3. | 9.8 | CRITICAL | — | 0 |
| CVE-2025-39500 Deserialization of Untrusted Data vulnerability in GoodLayers Goodlayers Hostel gdlr-hostel allows Object Injection. This issue affects Goodlayers Hostel: from n/a through <= 3.1.2. | 9.8 | CRITICAL | — | 0 |
| CVE-2025-49507 Deserialization of Untrusted Data vulnerability in LoftOcean CozyStay cozystay allows Object Injection. This issue affects CozyStay: from n/a through < 1.7.1. | 9.8 | CRITICAL | — | 0 |
| CVE-2025-30618 Deserialization of Untrusted Data vulnerability in yuliaz Rapyd Payment Extension for WooCommerce rapyd-payments allows Object Injection. This issue affects Rapyd Payment Extension for WooCommerce: fro... | 9.8 | CRITICAL | — | 0 |
| CVE-2025-39503 Deserialization of Untrusted Data vulnerability in GoodLayers Goodlayers Hotel gdlr-hotel allows Object Injection. This issue affects Goodlayers Hotel: from n/a through <= 3.1.4. | 9.8 | CRITICAL | — | 0 |
| CVE-2025-30985 Deserialization of Untrusted Data vulnerability in kagla GNUCommerce gnucommerce allows Object Injection. This issue affects GNUCommerce: from n/a through <= 1.5.4. | 9.8 | CRITICAL | — | 0 |
| CVE-2025-39485 Deserialization of Untrusted Data vulnerability in ThemeGoods Grand Tour grandtour allows Object Injection. This issue affects Grand Tour: from n/a through <= 5.6. | 9.8 | CRITICAL | — | 0 |
| CVE-2025-46468 Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in WPFable Fable Extra fable-extra allows PHP Local File Inclusion. This issue affe... | 9.8 | CRITICAL | — | 0 |
| CVE-2025-32292 Deserialization of Untrusted Data vulnerability in AncoraThemes Jarvis – Night Club, Concert, Festival WordPress jarvis allows Object Injection. This issue affects Jarvis – Night Club, Concert, Festiva... | 9.8 | CRITICAL | — | 0 |
| CVE-2025-32607 Deserialization of Untrusted Data vulnerability in magepeopleteam WpBookingly service-booking-manager allows Object Injection. This issue affects WpBookingly: from n/a through <= 1.3.0. | 9.8 | CRITICAL | — | 0 |
| CVE-2026-4567 A vulnerability has been found in Tenda A15 15.13.07.13. The impacted element is the function UploadCfg of the file /cgi-bin/UploadCfg. The manipulation of the argument File leads to stack-based buffe... | 9.8 | CRITICAL | — | 0 |
| CVE-2025-39489 Incorrect Privilege Assignment vulnerability in pebas CouponXL couponxl allows Privilege Escalation. This issue affects CouponXL: from n/a through <= 4.5.0. | 9.8 | CRITICAL | — | 0 |
| CVE-2025-32577 Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in hakeemnala Build App Online build-app-online allows PHP Local File Inclusion. Th... | 9.8 | CRITICAL | — | 0 |
| CVE-2025-32569 Deserialization of Untrusted Data vulnerability in RealMag777 TableOn posts-table-filterable allows Object Injection. This issue affects TableOn: from n/a through <= 1.0.4.3. | 9.8 | CRITICAL | — | 0 |
| CVE-2025-32568 Deserialization of Untrusted Data vulnerability in empik EmpikPlace for Woocommerce empik-for-woocommerce allows Object Injection. This issue affects EmpikPlace for Woocommerce: from n/a through <= 1.4... | 9.8 | CRITICAL | — | 0 |
| CVE-2025-31918 Incorrect Privilege Assignment vulnerability in quantumcloud Simple Business Directory Pro simple-business-directory-pro allows Privilege Escalation. This issue affects Simple Business Directory Pro: f... | 9.8 | CRITICAL | — | 0 |
| CVE-2025-47530 Deserialization of Untrusted Data vulnerability in WPFunnels WPFunnels wpfunnels allows Object Injection. This issue affects WPFunnels: from n/a through <= 3.5.18. | 9.8 | CRITICAL | — | 0 |
| CVE-2025-47532 Deserialization of Untrusted Data vulnerability in CoinPayments CoinPayments.net Payment Gateway for WooCommerce coinpayments-payment-gateway-for-woocommerce allows Object Injection. This issue affects... | 9.8 | CRITICAL | — | 0 |
| CVE-2025-47539 Incorrect Privilege Assignment vulnerability in Arraytics Eventin wp-event-solution allows Privilege Escalation. This issue affects Eventin: from n/a through <= 4.0.26. | 9.8 | CRITICAL | — | 0 |
| CVE-2025-47568 Deserialization of Untrusted Data vulnerability in ZoomIt ZoomSounds dzs-zoomsounds allows Object Injection. This issue affects ZoomSounds: from n/a through <= 6.91. | 9.8 | CRITICAL | — | 0 |
| CVE-2025-32695 Incorrect Privilege Assignment vulnerability in Mestres do WP Checkout Mestres WP checkout-mestres-wp allows Privilege Escalation. This issue affects Checkout Mestres WP: from n/a through <= 8.7.5. | 9.8 | CRITICAL | — | 0 |
| CVE-2025-64236 Authentication Bypass Using an Alternate Path or Channel vulnerability in AmentoTech Tuturn allows Authentication Abuse. This issue affects Tuturn: from n/a before 3.6. | 9.8 | CRITICAL | — | 0 |
| CVE-2025-31033 Cross-Site Request Forgery (CSRF) vulnerability in Adam Nowak Buddypress Humanity buddypress-humanity allows Cross Site Request Forgery. This issue affects Buddypress Humanity: from n/a through <= 1.2. | 9.8 | CRITICAL | — | 0 |
| CVE-2025-60238 Deserialization of Untrusted Data vulnerability in universam UNIVERSAM universam-demo allows Object Injection. This issue affects UNIVERSAM: from n/a through <= 9.04.02. | 9.8 | CRITICAL | — | 0 |
| CVE-2025-59007 Deserialization of Untrusted Data vulnerability in themesflat TF Woo Product Grid Addon For Elementor tf-woo-product-grid allows Object Injection. This issue affects TF Woo Product Grid Addon For Eleme... | 9.8 | CRITICAL | — | 0 |
| CVE-2025-31612 Deserialization of Untrusted Data vulnerability in Sabuj Kundu CBX Poll cbxpoll allows Object Injection. This issue affects CBX Poll: from n/a through <= 2.0.4. | 9.8 | CRITICAL | — | 0 |
| CVE-2024-52439 Deserialization of Untrusted Data vulnerability in Mark O'Donnell Team Rosters team-rosters allows Object Injection. This issue affects Team Rosters: from n/a through <= 4.8.2. | 9.8 | CRITICAL | — | 0 |
| CVE-2024-52440 Deserialization of Untrusted Data vulnerability in xpresslane Xpresslane Fast Checkout xpresslane-integration-for-woocommerce allows Object Injection. This issue affects Xpresslane Fast Checkout: from ... | 9.8 | CRITICAL | — | 0 |
| CVE-2024-52441 Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution') vulnerability in Rajesh Thanoch Quick Learn quick-learn allows Object Injection. This issue affects Quick Learn... | 9.8 | CRITICAL | — | 0 |
| CVE-2024-52442 Incorrect Privilege Assignment vulnerability in userplus UserPlus userplus allows Privilege Escalation. This issue affects UserPlus: from n/a through <= 2.0. | 9.8 | CRITICAL | — | 0 |
| CVE-2024-52443 Deserialization of Untrusted Data vulnerability in masikonis Geolocator geolocator allows Object Injection. This issue affects Geolocator: from n/a through <= 1.1. | 9.8 | CRITICAL | — | 0 |
| CVE-2024-52475 Authentication Bypass Using an Alternate Path or Channel vulnerability in Information Technology Wawp automation-web-platform allows Authentication Bypass. This issue affects Wawp: from n/a through < 3... | 9.8 | CRITICAL | — | 0 |
| CVE-2026-4880 The Barcode Scanner (+Mobile App) – Inventory manager, Order fulfillment system, POS (Point of Sale) plugin for WordPress is vulnerable to privilege escalation via insecure token-based authentication ... | 9.8 | CRITICAL | — | 0 |
| CVE-2025-4334 The Simple User Registration plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 6.3. This is due to insufficient restrictions on user meta values that can... | 9.8 | CRITICAL | — | 0 |
| CVE-2024-54297 Authentication Bypass Using an Alternate Path or Channel vulnerability in extremeidea vBSSO-lite vbsso-lite allows Authentication Bypass. This issue affects vBSSO-lite: from n/a through <= 1.4.3. | 9.8 | CRITICAL | — | 0 |
| CVE-2024-54296 Authentication Bypass Using an Alternate Path or Channel vulnerability in Codexpert, Inc CoSchool LMS coschool allows Authentication Bypass. This issue affects CoSchool LMS: from n/a through <= 1.4.3. | 9.8 | CRITICAL | — | 0 |
| CVE-2024-54295 Authentication Bypass Using an Alternate Path or Channel vulnerability in FluxBuilder ListApp Mobile Manager listapp-mobile-manager allows Authentication Bypass. This issue affects ListApp Mobile Manag... | 9.8 | CRITICAL | — | 0 |
| CVE-2024-54294 Authentication Bypass Using an Alternate Path or Channel vulnerability in Appgenix Infotech Firebase OTP Authentication authentication-via-otp-using-firebase allows Authentication Bypass. This issue af... | 9.8 | CRITICAL | — | 0 |
| CVE-2024-54293 Incorrect Privilege Assignment vulnerability in CE21 CE21 Suite ce21-suite allows Privilege Escalation. This issue affects CE21 Suite: from n/a through <= 2.2.0. | 9.8 | CRITICAL | — | 0 |
| CVE-2025-48287 Deserialization of Untrusted Data vulnerability in Pagaleve Pix 4x sem juros - Pagaleve wc-pagaleve allows Object Injection. This issue affects Pix 4x sem juros - Pagaleve: from n/a through <= 1.6.9. | 9.8 | CRITICAL | — | 0 |
| CVE-2025-48289 Deserialization of Untrusted Data vulnerability in AncoraThemes Kids Planet kidsplanet allows Object Injection. This issue affects Kids Planet: from n/a through <= 2.2.14. | 9.8 | CRITICAL | — | 0 |
| CVE-2025-31631 Deserialization of Untrusted Data vulnerability in AncoraThemes Fish House fish-house allows Object Injection. This issue affects Fish House: from n/a through <= 1.2.7. | 9.8 | CRITICAL | — | 0 |
| CVE-2025-31423 Deserialization of Untrusted Data vulnerability in AncoraThemes Umberto umberto allows Object Injection. This issue affects Umberto: from n/a through <= 1.2.8. | 9.8 | CRITICAL | — | 0 |
| CVE-2025-48336 Deserialization of Untrusted Data vulnerability in ThimPress Course Builder course-builder allows Object Injection. This issue affects Course Builder: from n/a through < 3.6.6. | 9.8 | CRITICAL | — | 0 |
| CVE-2024-54273 Deserialization of Untrusted Data vulnerability in PickPlugins Mail Picker mail-picker allows Object Injection. This issue affects Mail Picker: from n/a through <= 1.0.14. | 9.8 | CRITICAL | — | 0 |
| CVE-2025-5746 The Drag and Drop Multiple File Upload (Pro) - WooCommerce plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the dnd_upload_cf7_upload_chunks() functi... | 9.8 | CRITICAL | — | 0 |
| CVE-2025-5394 The Alone – Charity Multipurpose Non-profit WordPress Theme theme for WordPress is vulnerable to arbitrary file uploads due to a missing capability check on the alone_import_pack_install_plugin() func... | 9.8 | CRITICAL | — | 0 |
This product uses data from the NVD API but is not endorsed or certified by the NVD.