Total
2603 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2026-28105 | 2 Themerex, Wordpress | 2 Good Energy, Wordpress | 2026-04-01 | 9.8 Critical |
| Deserialization of Untrusted Data vulnerability in ThemeREX Good Energy goodenergy allows Object Injection.This issue affects Good Energy: from n/a through <= 1.7.7. | ||||
| CVE-2026-28074 | 2 Themerex, Wordpress | 2 Pizza House, Wordpress | 2026-04-01 | 9.8 Critical |
| Deserialization of Untrusted Data vulnerability in ThemeREX Pizza House pizzahouse allows Object Injection.This issue affects Pizza House: from n/a through <= 1.4.0. | ||||
| CVE-2026-27439 | 2 Themerex, Wordpress | 2 Dentario, Wordpress | 2026-04-01 | 9.8 Critical |
| Deserialization of Untrusted Data vulnerability in ThemeREX Dentario dentario allows Object Injection.This issue affects Dentario: from n/a through <= 1.5. | ||||
| CVE-2026-27438 | 2 Themerex, Wordpress | 2 Kingler, Wordpress | 2026-04-01 | 9.8 Critical |
| Deserialization of Untrusted Data vulnerability in ThemeREX Kingler kingler allows Object Injection.This issue affects Kingler: from n/a through <= 1.7. | ||||
| CVE-2026-27437 | 2 Themerex, Wordpress | 2 Tennis Club, Wordpress | 2026-04-01 | 9.8 Critical |
| Deserialization of Untrusted Data vulnerability in ThemeREX Tennis Club tennis-sportclub allows Object Injection.This issue affects Tennis Club: from n/a through <= 1.2.3. | ||||
| CVE-2026-27417 | 2 Seventhqueen, Wordpress | 2 Sweet Date, Wordpress | 2026-04-01 | 9.8 Critical |
| Deserialization of Untrusted Data vulnerability in SeventhQueen Sweet Date sweetdate allows Object Injection.This issue affects Sweet Date: from n/a through < 4.0.1. | ||||
| CVE-2026-27379 | 2 Nextscripts, Wordpress | 2 Nextscripts, Wordpress | 2026-04-01 | 8.8 High |
| Deserialization of Untrusted Data vulnerability in NextScripts NextScripts social-networks-auto-poster-facebook-twitter-g allows Object Injection.This issue affects NextScripts: from n/a through <= 4.4.7. | ||||
| CVE-2026-27369 | 2 Boldthemes, Wordpress | 2 Celeste, Wordpress | 2026-04-01 | 8.1 High |
| Deserialization of Untrusted Data vulnerability in BoldThemes Celeste celeste allows Object Injection.This issue affects Celeste: from n/a through <= 1.3.6. | ||||
| CVE-2026-27338 | 2 Aivahthemes, Wordpress | 2 Car Zone, Wordpress | 2026-04-01 | 8.8 High |
| Deserialization of Untrusted Data vulnerability in AivahThemes Car Zone carzone allows Object Injection.This issue affects Car Zone: from n/a through <= 3.7. | ||||
| CVE-2026-27098 | 2 Axiomthemes, Wordpress | 2 Au Pair Agency - Babysitting & Nanny Theme, Wordpress | 2026-04-01 | 8.1 High |
| Deserialization of Untrusted Data vulnerability in axiomthemes Au Pair Agency - Babysitting & Nanny Theme au-pair-agency allows Object Injection.This issue affects Au Pair Agency - Babysitting & Nanny Theme: from n/a through <= 1.2.2. | ||||
| CVE-2026-25316 | 2 Brainstormforce, Wordpress | 2 Cartflows, Wordpress | 2026-04-01 | 7.2 High |
| Deserialization of Untrusted Data vulnerability in Brainstorm Force CartFlows cartflows allows Object Injection.This issue affects CartFlows: from n/a through <= 2.1.19. | ||||
| CVE-2026-24954 | 1 Wordpress | 1 Wordpress | 2026-04-01 | 8.8 High |
| Deserialization of Untrusted Data vulnerability in magepeopleteam WpEvently mage-eventpress allows Object Injection.This issue affects WpEvently: from n/a through <= 5.0.8. | ||||
| CVE-2026-24385 | 2 Gerritvanaaken, Wordpress | 2 Podlove Web Player, Wordpress | 2026-04-01 | 7.5 High |
| Deserialization of Untrusted Data vulnerability in gerritvanaaken Podlove Web Player podlove-web-player allows Object Injection.This issue affects Podlove Web Player: from n/a through <= 5.9.1. | ||||
| CVE-2026-23798 | 2 Blubrry, Wordpress | 2 Powerpress Podcasting, Wordpress | 2026-04-01 | 8.8 High |
| Deserialization of Untrusted Data vulnerability in blubrry PowerPress Podcasting powerpress allows Object Injection.This issue affects PowerPress Podcasting: from n/a through <= 11.15.10. | ||||
| CVE-2026-23549 | 2 Magepeopleteam, Wordpress | 2 Wpevently, Wordpress | 2026-04-01 | 9.8 Critical |
| Deserialization of Untrusted Data vulnerability in magepeopleteam WpEvently mage-eventpress allows Object Injection.This issue affects WpEvently: from n/a through <= 5.1.1. | ||||
| CVE-2026-23544 | 2 Codetipi, Wordpress | 2 Valenti, Wordpress | 2026-04-01 | 8.8 High |
| Deserialization of Untrusted Data vulnerability in codetipi Valenti valenti allows Object Injection.This issue affects Valenti: from n/a through <= 5.6.3.5. | ||||
| CVE-2026-23542 | 2 Themegoods, Wordpress | 2 Grand Restaurant, Wordpress | 2026-04-01 | 9.8 Critical |
| Deserialization of Untrusted Data vulnerability in ThemeGoods Grand Restaurant grandrestaurant allows Object Injection.This issue affects Grand Restaurant: from n/a through <= 7.0.10. | ||||
| CVE-2026-22501 | 2 Axiomthemes, Wordpress | 2 Mounthood, Wordpress | 2026-04-01 | 9.8 Critical |
| Deserialization of Untrusted Data vulnerability in axiomthemes Mounthood mounthood allows Object Injection.This issue affects Mounthood: from n/a through <= 1.3.2. | ||||
| CVE-2026-22497 | 2 Ancorathemes, Wordpress | 2 Jardi, Wordpress | 2026-04-01 | 9.8 Critical |
| Deserialization of Untrusted Data vulnerability in AncoraThemes Jardi jardi allows Object Injection.This issue affects Jardi: from n/a through <= 1.7.2. | ||||
| CVE-2026-22475 | 2 Axiomthemes, Wordpress | 2 Estate, Wordpress | 2026-04-01 | 9.8 Critical |
| Deserialization of Untrusted Data vulnerability in axiomthemes Estate estate allows Object Injection.This issue affects Estate: from n/a through <= 1.3.4. | ||||