VYPR

CWE-502

Deserialization of Untrusted Data

BaseDraftLikelihood: Medium

Description

The product deserializes untrusted data without sufficiently ensuring that the resulting data will be valid.

Hierarchy (View 1000)

Parents

Children

none

Related attack patterns (CAPEC)

CAPEC-586

CVEs mapped to this weakness (1,721)

page 30 of 87
  • CVE-2026-27338HigMar 5, 2026
    risk 0.57cvss 8.8epss 0.00

    Deserialization of Untrusted Data vulnerability in AivahThemes Car Zone carzone allows Object Injection.This issue affects Car Zone: from n/a through <= 3.7.

  • CVE-2026-23798HigMar 5, 2026
    risk 0.57cvss 8.8epss 0.00

    Deserialization of Untrusted Data vulnerability in blubrry PowerPress Podcasting powerpress allows Object Injection.This issue affects PowerPress Podcasting: from n/a through <= 11.15.10.

  • CVE-2026-22473HigMar 5, 2026
    risk 0.57cvss 8.8epss 0.00

    Deserialization of Untrusted Data vulnerability in designthemes Dental Clinic dental allows Object Injection.This issue affects Dental Clinic: from n/a through <= 3.7.

  • CVE-2026-22471HigMar 5, 2026
    risk 0.57cvss 8.8epss 0.00

    Deserialization of Untrusted Data vulnerability in maximsecudeal Secudeal Payments for Ecommerce secudeal-payments-for-ecommerce allows Object Injection.This issue affects Secudeal Payments for Ecommerce: from n/a through <= 1.1.

  • CVE-2026-22354HigFeb 20, 2026
    risk 0.57cvss 8.8epss 0.00

    Deserialization of Untrusted Data vulnerability in Dotstore Woocommerce Category Banner Management banner-management-for-woocommerce allows Object Injection.This issue affects Woocommerce Category Banner Management: from n/a through <= 2.5.1.

  • CVE-2026-22346HigFeb 20, 2026
    risk 0.57cvss 8.8epss 0.00

    Deserialization of Untrusted Data vulnerability in A WP Life Slider Responsive Slideshow – Image slider, Gallery slideshow slider-responsive-slideshow allows Object Injection.This issue affects Slider Responsive Slideshow – Image slider, Gallery slideshow: from n/a through…

  • CVE-2026-22345HigFeb 20, 2026
    risk 0.57cvss 8.8epss 0.00

    Deserialization of Untrusted Data vulnerability in A WP Life Image Gallery – Lightbox Gallery, Responsive Photo Gallery, Masonry Gallery new-image-gallery allows Object Injection.This issue affects Image Gallery – Lightbox Gallery, Responsive Photo Gallery, Masonry Gallery:…

  • CVE-2025-69328HigFeb 20, 2026
    risk 0.57cvss 8.8epss 0.00

    Deserialization of Untrusted Data vulnerability in magepeopleteam Booking and Rental Manager booking-and-rental-manager-for-woocommerce allows Object Injection.This issue affects Booking and Rental Manager: from n/a through <= 2.5.9.

  • CVE-2025-69294HigFeb 20, 2026
    risk 0.57cvss 8.8epss 0.00

    Deserialization of Untrusted Data vulnerability in fuelthemes PeakShops peakshops allows Object Injection.This issue affects PeakShops: from n/a through <= 1.5.9.

  • CVE-2025-68853HigFeb 20, 2026
    risk 0.57cvss 8.8epss 0.00

    Deserialization of Untrusted Data vulnerability in Kleor Contact Manager contact-manager allows Object Injection.This issue affects Contact Manager: from n/a through <= 9.1.1.

  • CVE-2025-68531HigFeb 20, 2026
    risk 0.57cvss 8.8epss 0.00

    Deserialization of Untrusted Data vulnerability in modeltheme ModelTheme Addons for WPBakery and Elementor modeltheme-addons-for-wpbakery allows Object Injection.This issue affects ModelTheme Addons for WPBakery and Elementor: from n/a through < 1.5.6.

  • CVE-2025-68526HigFeb 20, 2026
    risk 0.57cvss 8.8epss 0.00

    Deserialization of Untrusted Data vulnerability in A WP Life Modal Popup Box modal-popup-box allows Object Injection.This issue affects Modal Popup Box: from n/a through <= 1.6.1.

  • CVE-2026-23544HigFeb 19, 2026
    risk 0.57cvss 8.8epss 0.00

    Deserialization of Untrusted Data vulnerability in codetipi Valenti valenti allows Object Injection.This issue affects Valenti: from n/a through <= 5.6.3.5.

  • CVE-2026-0910HigFeb 11, 2026
    risk 0.57cvss 8.8epss 0.01

    The wpForo Forum plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 2.4.13 via deserialization of untrusted input in the 'wpforo_display_array_data' function. This makes it possible for authenticated attackers, with Subscriber-level…

  • CVE-2026-24954HigFeb 3, 2026
    risk 0.57cvss 8.8epss 0.00

    Deserialization of Untrusted Data vulnerability in magepeopleteam WpEvently mage-eventpress allows Object Injection.This issue affects WpEvently: from n/a through <= 5.0.8.

  • CVE-2025-69099HigJan 22, 2026
    risk 0.57cvss 8.8epss 0.00

    Deserialization of Untrusted Data vulnerability in fuelthemes North north-wp allows Object Injection.This issue affects North: from n/a through <= 5.7.5.

  • CVE-2025-69036HigJan 22, 2026
    risk 0.57cvss 8.8epss 0.00

    Deserialization of Untrusted Data vulnerability in strongholdthemes Tech Life CPT techlife-cpt allows Object Injection.This issue affects Tech Life CPT: from n/a through <= 16.4.

  • CVE-2025-69035HigJan 22, 2026
    risk 0.57cvss 8.8epss 0.00

    Deserialization of Untrusted Data vulnerability in strongholdthemes Dental Care CPT dentalcare-cpt allows Object Injection.This issue affects Dental Care CPT: from n/a through <= 20.2.

  • CVE-2025-69002HigJan 22, 2026
    risk 0.57cvss 8.8epss 0.00

    Deserialization of Untrusted Data vulnerability in designthemes OneLife onelife allows Object Injection.This issue affects OneLife: from n/a through <= 3.9.

  • CVE-2025-68903HigJan 22, 2026
    risk 0.57cvss 8.8epss 0.00

    Deserialization of Untrusted Data vulnerability in AivahThemes Anona anona allows Object Injection.This issue affects Anona: from n/a through <= 8.0.