Total
2419 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2025-60238 | 2026-01-20 | N/A | 9.8 CRITICAL | ||
|
Deserialization of Untrusted Data vulnerability in universam UNIVERSAM universam-demo allows Object Injection.This issue affects UNIVERSAM: from n/a through <= 8.72.34.
|
|||||
| CVE-2025-60234 | 2026-01-20 | N/A | 8.8 HIGH | ||
|
Deserialization of Untrusted Data vulnerability in designthemes Single Property single-property allows Object Injection.This issue affects Single Property: from n/a through <= 2.8.
|
|||||
| CVE-2025-60232 | 2026-01-20 | N/A | 9.8 CRITICAL | ||
|
Deserialization of Untrusted Data vulnerability in quantumcloud KBx Pro Ultimate knowledgebase-helpdesk-pro allows Object Injection.This issue affects KBx Pro Ultimate: from n/a through <= 8.0.5.
|
|||||
| CVE-2025-60228 | 2026-01-20 | N/A | 8.8 HIGH | ||
|
Deserialization of Untrusted Data vulnerability in designthemes Knowledge Base kbase allows Object Injection.This issue affects Knowledge Base: from n/a through <= 2.9.
|
|||||
| CVE-2025-60226 | 1 Axiomthemes | 1 White Rabbit | 2026-01-20 | N/A | 9.8 CRITICAL |
|
Deserialization of Untrusted Data vulnerability in axiomthemes White Rabbit whiterabbit allows Object Injection.This issue affects White Rabbit: from n/a through <= 1.5.2.
|
|||||
| CVE-2025-60225 | 2026-01-20 | N/A | 9.8 CRITICAL | ||
|
Deserialization of Untrusted Data vulnerability in AncoraThemes BugsPatrol bugspatrol allows Object Injection.This issue affects BugsPatrol: from n/a through <= 1.5.0.
|
|||||
| CVE-2025-60224 | 2026-01-20 | N/A | 9.8 CRITICAL | ||
|
Deserialization of Untrusted Data vulnerability in wpshuffle Subscribe to Download subscribe-to-download allows Object Injection.This issue affects Subscribe to Download: from n/a through <= 2.0.9.
|
|||||
| CVE-2025-60221 | 2026-01-20 | N/A | 9.8 CRITICAL | ||
|
Deserialization of Untrusted Data vulnerability in captivateaudio Captivate Sync captivatesync-trade allows Object Injection.This issue affects Captivate Sync: from n/a through <= 3.0.3.
|
|||||
| CVE-2025-60216 | 2026-01-20 | N/A | 9.8 CRITICAL | ||
|
Deserialization of Untrusted Data vulnerability in BoldThemes Addison addison allows Object Injection.This issue affects Addison: from n/a through <= 1.4.2.
|
|||||
| CVE-2025-60215 | 2026-01-20 | N/A | 8.8 HIGH | ||
|
Deserialization of Untrusted Data vulnerability in designthemes Kriya kriya allows Object Injection.This issue affects Kriya: from n/a through <= 3.4.
|
|||||
| CVE-2025-60214 | 2026-01-20 | N/A | 9.8 CRITICAL | ||
|
Deserialization of Untrusted Data vulnerability in BoldThemes Goldenblatt goldenblatt allows Object Injection.This issue affects Goldenblatt: from n/a through <= 1.2.1.
|
|||||
| CVE-2025-60213 | 2026-01-20 | N/A | 9.8 CRITICAL | ||
|
Deserialization of Untrusted Data vulnerability in Whitebox-Studio Scape scape allows Object Injection.This issue affects Scape: from n/a through <= 1.5.13.
|
|||||
| CVE-2025-60212 | 2026-01-20 | N/A | 8.8 HIGH | ||
|
Deserialization of Untrusted Data vulnerability in designthemes VEDA veda allows Object Injection.This issue affects VEDA: from n/a through <= 4.2.
|
|||||
| CVE-2025-60210 | 1 Wpeverest | 1 Everest Forms Frontend Listing | 2026-01-20 | N/A | 9.8 CRITICAL |
|
Deserialization of Untrusted Data vulnerability in wpeverest Everest Forms - Frontend Listing everest-forms-frontend-listing allows Object Injection.This issue affects Everest Forms - Frontend Listing: from n/a through <= 1.0.5.
|
|||||
| CVE-2025-60209 | 2026-01-20 | N/A | 9.8 CRITICAL | ||
|
Deserialization of Untrusted Data vulnerability in CRM Perks Connector for Gravity Forms and Google Sheets wp-gravity-forms-spreadsheets allows Object Injection.This issue affects Connector for Gravity Forms and Google Sheets: from n/a through <= 1.2.6.
|
|||||
| CVE-2025-60180 | 1 Crmperks | 1 Wp Gravity Forms Salesforce | 2026-01-20 | N/A | 9.8 CRITICAL |
|
Deserialization of Untrusted Data vulnerability in CRM Perks WP Gravity Forms Salesforce gf-salesforce-crmperks allows Object Injection.This issue affects WP Gravity Forms Salesforce: from n/a through <= 1.5.1.
|
|||||
| CVE-2025-60178 | 1 Crmperks | 1 Wp Gravity Forms Hubspot | 2026-01-20 | N/A | 9.8 CRITICAL |
|
Deserialization of Untrusted Data vulnerability in CRM Perks WP Gravity Forms HubSpot gf-hubspot allows Object Injection.This issue affects WP Gravity Forms HubSpot: from n/a through <= 1.2.6.
|
|||||
| CVE-2025-60174 | 1 Crmperks | 1 Wp Gravity Forms Constant Contact Plugin | 2026-01-20 | N/A | 9.8 CRITICAL |
|
Deserialization of Untrusted Data vulnerability in CRM Perks WP Gravity Forms Constant Contact Plugin gf-constant-contact allows Object Injection.This issue affects WP Gravity Forms Constant Contact Plugin: from n/a through <= 1.1.2.
|
|||||
| CVE-2025-60091 | 1 Crmperks | 1 Wp Gravity Forms Zoho Crm And Bigin | 2026-01-20 | N/A | 9.8 CRITICAL |
|
Deserialization of Untrusted Data vulnerability in CRM Perks WP Gravity Forms Zoho CRM and Bigin gf-zoho allows Object Injection.This issue affects WP Gravity Forms Zoho CRM and Bigin: from n/a through <= 1.2.9.
|
|||||
| CVE-2025-60090 | 1 Crmperks | 1 Wp Gravity Forms Insightly | 2026-01-20 | N/A | 9.8 CRITICAL |
|
Deserialization of Untrusted Data vulnerability in CRM Perks WP Gravity Forms Insightly gf-insightly allows Object Injection.This issue affects WP Gravity Forms Insightly: from n/a through <= 1.1.6.
|
|||||
| CVE-2025-60089 | 1 Crmperks | 1 Wp Gravity Forms Freshdesk Plugin | 2026-01-20 | N/A | 9.8 CRITICAL |
|
Deserialization of Untrusted Data vulnerability in CRM Perks WP Gravity Forms FreshDesk Plugin gf-freshdesk allows Object Injection.This issue affects WP Gravity Forms FreshDesk Plugin: from n/a through <= 1.3.5.
|
|||||
| CVE-2025-60084 | 2026-01-20 | N/A | 8.6 HIGH | ||
|
Deserialization of Untrusted Data vulnerability in add-ons.org PDF for Elementor Forms + Drag And Drop Template Builder pdf-for-elementor-forms allows Object Injection.This issue affects PDF for Elementor Forms + Drag And Drop Template Builder: from n/a through <= 6.3.1.
|
|||||
| CVE-2025-60083 | 2026-01-20 | N/A | 8.8 HIGH | ||
|
Deserialization of Untrusted Data vulnerability in add-ons.org PDF Invoice Builder for WooCommerce pdf-for-woocommerce allows Object Injection.This issue affects PDF Invoice Builder for WooCommerce: from n/a through <= 6.3.2.
|
|||||
| CVE-2025-60082 | 2026-01-20 | N/A | 8.8 HIGH | ||
|
Deserialization of Untrusted Data vulnerability in add-ons.org PDF for WPForms pdf-for-wpforms allows Object Injection.This issue affects PDF for WPForms: from n/a through <= 6.3.1.
|
|||||
| CVE-2025-60081 | 2026-01-20 | N/A | 8.8 HIGH | ||
|
Deserialization of Untrusted Data vulnerability in add-ons.org PDF for Contact Form 7 pdf-for-contact-form-7 allows Object Injection.This issue affects PDF for Contact Form 7: from n/a through <= 6.3.4.
|
|||||
| CVE-2025-60080 | 2026-01-20 | N/A | 7.5 HIGH | ||
|
Deserialization of Untrusted Data vulnerability in add-ons.org PDF for Gravity Forms + Drag And Drop Template Builder pdf-for-gravity-forms allows Object Injection.This issue affects PDF for Gravity Forms + Drag And Drop Template Builder: from n/a through <= 6.3.0.
|
|||||
| CVE-2025-60039 | 2026-01-20 | N/A | 9.8 CRITICAL | ||
|
Deserialization of Untrusted Data vulnerability in rascals Noisa noisa allows Object Injection.This issue affects Noisa: from n/a through <= 2.6.0.
|
|||||
| CVE-2025-59007 | 2026-01-20 | N/A | 8.1 HIGH | ||
|
Deserialization of Untrusted Data vulnerability in themesflat TF Woo Product Grid Addon For Elementor tf-woo-product-grid allows Object Injection.This issue affects TF Woo Product Grid Addon For Elementor: from n/a through <= 1.0.1.
|
|||||
| CVE-2025-58998 | 2026-01-20 | N/A | 9.8 CRITICAL | ||
|
Deserialization of Untrusted Data vulnerability in Cristián Lávaque s2Member s2member allows Object Injection.This issue affects s2Member: from n/a through <= 250701.
|
|||||
| CVE-2025-58636 | 2026-01-20 | N/A | 9.8 CRITICAL | ||
|
Deserialization of Untrusted Data vulnerability in CRM Perks WP Gravity Forms Keap/Infusionsoft gf-infusionsoft allows Object Injection.This issue affects WP Gravity Forms Keap/Infusionsoft: from n/a through <= 1.2.3.
|
|||||
| CVE-2025-58619 | 2026-01-20 | N/A | 8.8 HIGH | ||
|
Deserialization of Untrusted Data vulnerability in sbouey Falang multilanguage falang allows Object Injection.This issue affects Falang multilanguage: from n/a through <= 1.3.65.
|
|||||
| CVE-2025-58592 | 2026-01-20 | N/A | 8.1 HIGH | ||
|
Deserialization of Untrusted Data vulnerability in Cozmoslabs TranslatePress translatepress-multilingual allows Object Injection.This issue affects TranslatePress: from n/a through <= 2.10.2.
|
|||||
| CVE-2025-54723 | 2026-01-20 | N/A | 9.8 CRITICAL | ||
|
Deserialization of Untrusted Data vulnerability in BoldThemes DentiCare denticare allows Object Injection.This issue affects DentiCare: from n/a through < 1.4.3.
|
|||||
| CVE-2025-54719 | 2026-01-20 | N/A | 8.8 HIGH | ||
|
Deserialization of Untrusted Data vulnerability in NooTheme Yogi - Health Beauty & Yoga noo-yogi allows Object Injection.This issue affects Yogi - Health Beauty & Yoga: from n/a through <= 2.9.2.
|
|||||
| CVE-2025-53586 | 2026-01-20 | N/A | 9.8 CRITICAL | ||
|
Deserialization of Untrusted Data vulnerability in NooTheme WeMusic noo-wemusic allows Object Injection.This issue affects WeMusic: from n/a through <= 1.9.1.
|
|||||
| CVE-2025-53242 | 2026-01-20 | N/A | 9.8 CRITICAL | ||
|
Deserialization of Untrusted Data vulnerability in VictorThemes Seil seil allows Object Injection.This issue affects Seil: from n/a through <= 1.7.1.
|
|||||
| CVE-2025-52740 | 2026-01-20 | N/A | 8.8 HIGH | ||
|
Deserialization of Untrusted Data vulnerability in Hernan Villanueva Boldermail boldermail allows Object Injection.This issue affects Boldermail: from n/a through <= 2.4.0.
|
|||||
| CVE-2025-52737 | 2026-01-20 | N/A | 8.8 HIGH | ||
|
Deserialization of Untrusted Data vulnerability in Tijmen Smit WP Store Locator wp-store-locator allows Object Injection.This issue affects WP Store Locator: from n/a through <= 2.2.260.
|
|||||
| CVE-2025-49393 | 2026-01-20 | N/A | 9.8 CRITICAL | ||
|
Deserialization of Untrusted Data vulnerability in Fetch Designs Sign-up Sheets sign-up-sheets allows Object Injection.This issue affects Sign-up Sheets: from n/a through <= 2.3.2.
|
|||||
| CVE-2025-49386 | 2026-01-20 | N/A | 9.8 CRITICAL | ||
|
Deserialization of Untrusted Data vulnerability in Scott Reilly Preserve Code Formatting preserve-code-formatting allows Object Injection.This issue affects Preserve Code Formatting: from n/a through <= 4.0.1.
|
|||||