Total
2603 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-32817 | 2026-04-01 | N/A | ||
| Deserialization of Untrusted Data vulnerability in Javier Carazo Import and export users and customers import-users-from-csv-with-meta.This issue affects Import and export users and customers: from n/a through <= 1.26.2. | ||||
| CVE-2024-30229 | 2 Givewp, Wordpress | 2 Givewp, Wordpress | 2026-04-01 | 7.2 High |
| Deserialization of Untrusted Data vulnerability in StellarWP GiveWP give.This issue affects GiveWP: from n/a through <= 3.4.2. | ||||
| CVE-2024-30221 | 1 Sunshinephotocart | 1 Sunshine Photo Cart | 2026-04-01 | 9.8 Critical |
| Deserialization of Untrusted Data vulnerability in sunshinephotocart Sunshine Photo Cart sunshine-photo-cart.This issue affects Sunshine Photo Cart: from n/a through <= 3.1.1. | ||||
| CVE-2024-29136 | 1 Themefic | 1 Tourfic | 2026-04-01 | 8.8 High |
| Deserialization of Untrusted Data vulnerability in Themefic Tourfic tourfic.This issue affects Tourfic: from n/a through <= 2.11.17. | ||||
| CVE-2026-27749 | 2 Avira, Gen Digital | 3 Avira Internet Security Suite, Internet Security, Avira Internet Security | 2026-04-01 | 7.8 High |
| Avira Internet Security contains a deserialization of untrusted data vulnerability in the System Speedup component. The Avira.SystemSpeedup.RealTimeOptimizer.exe process, which runs with SYSTEM privileges, deserializes data from a file located in C:\\ProgramData using .NET BinaryFormatter without implementing input validation or deserialization safeguards. Because the file can be created or modified by a local user in default configurations, an attacker can supply a crafted serialized payload that is deserialized by the privileged process, resulting in arbitrary code execution as SYSTEM. | ||||
| CVE-2026-22451 | 2 Ancorathemes, Wordpress | 2 Handyman, Wordpress | 2026-04-01 | 9.8 Critical |
| Deserialization of Untrusted Data vulnerability in AncoraThemes Handyman handyman-services allows Object Injection.This issue affects Handyman: from n/a through <= 1.4.7. | ||||
| CVE-2025-69405 | 2 Themerex, Wordpress | 2 Lorem Ipsum | Books & Media Store, Wordpress | 2026-04-01 | 9.8 Critical |
| Deserialization of Untrusted Data vulnerability in ThemeREX Lorem Ipsum | Books & Media Store lorem-ipsum-books-media-store allows Object Injection.This issue affects Lorem Ipsum | Books & Media Store: from n/a through <= 1.2.11. | ||||
| CVE-2025-69404 | 2 Themerex, Wordpress | 2 Extreme Store, Wordpress | 2026-04-01 | 9.8 Critical |
| Deserialization of Untrusted Data vulnerability in ThemeREX Extreme Store extremestore allows Object Injection.This issue affects Extreme Store: from n/a through <= 1.5.10. | ||||
| CVE-2025-68047 | 2 Arraytics, Wordpress | 2 Eventin, Wordpress | 2026-04-01 | 8.8 High |
| Deserialization of Untrusted Data vulnerability in Arraytics Eventin wp-event-solution allows Object Injection.This issue affects Eventin: from n/a through <= 4.1.3. | ||||
| CVE-2025-68038 | 2 Icegram, Wordpress | 2 Icegram Express, Wordpress | 2026-04-01 | 9.8 Critical |
| Deserialization of Untrusted Data vulnerability in Icegram Icegram Express Pro email-subscribers-premium allows Object Injection.This issue affects Icegram Express Pro: from n/a through < 5.9.14. | ||||
| CVE-2025-67535 | 2 Weplugins, Wordpress | 2 Wp Maps, Wordpress | 2026-04-01 | 6.5 Medium |
| Deserialization of Untrusted Data vulnerability in Flipper Code - WordPress Development Company WP Maps wp-google-map-plugin allows Object Injection.This issue affects WP Maps: from n/a through <= 4.8.6. | ||||
| CVE-2025-60238 | 1 Wordpress | 1 Wordpress | 2026-04-01 | 9.8 Critical |
| Deserialization of Untrusted Data vulnerability in universam UNIVERSAM universam-demo allows Object Injection.This issue affects UNIVERSAM: from n/a through <= 9.03. | ||||
| CVE-2025-60216 | 1 Wordpress | 1 Wordpress | 2026-04-01 | 9.8 Critical |
| Deserialization of Untrusted Data vulnerability in BoldThemes Addison addison allows Object Injection.This issue affects Addison: from n/a through < 1.4.8. | ||||
| CVE-2025-60214 | 1 Wordpress | 1 Wordpress | 2026-04-01 | 9.8 Critical |
| Deserialization of Untrusted Data vulnerability in BoldThemes Goldenblatt goldenblatt allows Object Injection.This issue affects Goldenblatt: from n/a through < 1.3.0. | ||||
| CVE-2025-60084 | 3 Add-ons.org, Elementor, Wordpress | 3 Pdf-for-elementor-forms, Elementor, Wordpress | 2026-04-01 | 8.6 High |
| Deserialization of Untrusted Data vulnerability in add-ons.org PDF for Elementor Forms + Drag And Drop Template Builder pdf-for-elementor-forms allows Object Injection.This issue affects PDF for Elementor Forms + Drag And Drop Template Builder: from n/a through <= 6.5.0. | ||||
| CVE-2025-60083 | 3 Add-ons.org, Woocommerce, Wordpress | 3 Pdf Invoice Builder For Woocommerce, Woocommerce, Wordpress | 2026-04-01 | 8.8 High |
| Deserialization of Untrusted Data vulnerability in add-ons.org PDF Invoice Builder for WooCommerce pdf-for-woocommerce allows Object Injection.This issue affects PDF Invoice Builder for WooCommerce: from n/a through <= 6.5.0. | ||||
| CVE-2025-60082 | 2 Add-ons.org, Wordpress | 2 Pdf For Wpforms, Wordpress | 2026-04-01 | 8.8 High |
| Deserialization of Untrusted Data vulnerability in add-ons.org PDF for WPForms pdf-for-wpforms allows Object Injection.This issue affects PDF for WPForms: from n/a through <= 6.5.0. | ||||
| CVE-2025-60081 | 1 Wordpress | 1 Wordpress | 2026-04-01 | 8.8 High |
| Deserialization of Untrusted Data vulnerability in add-ons.org PDF for Contact Form 7 pdf-for-contact-form-7 allows Object Injection.This issue affects PDF for Contact Form 7: from n/a through <= 6.5.0. | ||||
| CVE-2025-60080 | 1 Wordpress | 1 Wordpress | 2026-04-01 | 7.5 High |
| Deserialization of Untrusted Data vulnerability in add-ons.org PDF for Gravity Forms + Drag And Drop Template Builder pdf-for-gravity-forms allows Object Injection.This issue affects PDF for Gravity Forms + Drag And Drop Template Builder: from n/a through <= 6.5.0. | ||||
| CVE-2026-28138 | 2 Stylemixthemes, Wordpress | 2 Ulisting, Wordpress | 2026-04-01 | 7.2 High |
| Deserialization of Untrusted Data vulnerability in Stylemix uListing ulisting allows Object Injection.This issue affects uListing: from n/a through <= 2.2.0. | ||||