VYPR

CWE-502

Deserialization of Untrusted Data

Base | Draft | Likelihood: Medium

Description

The product deserializes untrusted data without sufficiently ensuring that the resulting data will be valid.

Hierarchy (View 1000)

Parents

Children

none

Related attack patterns (CAPEC)

CAPEC-586

CVEs mapped to this weakness (1,721)

page 45 of 87
  • CVE-2026-0726 | High | Jan 20, 2026
    risk 0.53 | cvss 8.1 | epss 0.00

    The Nexter Extension – Site Enhancements Toolkit plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 4.4.6 via deserialization of untrusted input in the 'nxt_unserialize_replace' function. This makes it possible for unauthenticated…

  • CVE-2025-14044 | High | Dec 12, 2025
    risk 0.53 | cvss 8.1 | epss 0.00

    The Visitor Logic Lite plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.0.3 via deserialization of untrusted input from the `lpblocks` cookie. This is due to the `lp_track()` function passing unsanitized cookie data directly to…

  • CVE-2025-58592 | High | Nov 6, 2025
    risk 0.53 | cvss 8.1 | epss 0.00

    Deserialization of Untrusted Data vulnerability in Cozmoslabs TranslatePress translatepress-multilingual allows Object Injection. This issue affects TranslatePress: from n/a through <= 2.10.2.

  • CVE-2025-46183 | High | Oct 24, 2025
    risk 0.53 | cvss 8.2 | epss 0.00

    The Utils.deserialize function in pgCodeKeeper 10.12.0 processes serialized data from untrusted sources. If an attacker provides a specially crafted .ser file, deserialization may result in unintended code execution or other malicious behavior on the target system.

  • CVE-2025-53584 | High | Aug 28, 2025
    risk 0.53 | cvss 8.1 | epss 0.00

    Deserialization of Untrusted Data vulnerability in emarket-design WP Ticket Customer Service Software & Support Ticket System wp-ticket allows Object Injection. This issue affects WP Ticket Customer Service Software & Support Ticket System: from n/a through <= 6.0.2.

  • CVE-2025-53583 | High | Aug 28, 2025
    risk 0.53 | cvss 8.1 | epss 0.00

    Deserialization of Untrusted Data vulnerability in emarket-design Employee Spotlight employee-spotlight allows Object Injection. This issue affects Employee Spotlight: from n/a through <= 5.1.1.

  • CVE-2025-53572 | High | Aug 28, 2025
    risk 0.53 | cvss 8.1 | epss 0.00

    Deserialization of Untrusted Data vulnerability in emarket-design WP Easy Contact wp-easy-contact allows Object Injection. This issue affects WP Easy Contact: from n/a through <= 4.0.1.

  • CVE-2025-53243 | High | Aug 28, 2025
    risk 0.53 | cvss 8.1 | epss 0.00

    Deserialization of Untrusted Data vulnerability in emarket-design Employee Directory – Staff Listing & Team Directory Plugin for WordPress employee-directory allows Object Injection. This issue affects Employee Directory – Staff Listing & Team Directory Plugin for WordPress:…

  • CVE-2024-54678 | High | Aug 12, 2025
    risk 0.53 | cvss 8.2 | epss 0.00

    A vulnerability has been identified in SIMATIC PCS neo V4.1 (All versions), SIMATIC PCS neo V5.0 (All versions), SIMATIC PCS neo V6.0 (All versions < V6.0 SP1 Update 1), SIMATIC S7-PLCSIM V17 (All versions), SIMATIC STEP 7 V17 (All versions < V17 Update 9), SIMATIC STEP 7 V18…

  • CVE-2025-24919 | High | Jun 13, 2025
    risk 0.53 | cvss 8.1 | epss 0.02

    A deserialization of untrusted input vulnerability exists in the cvhDecapsulateCmd functionality of Dell ControlVault3 prior to 5.15.10.14 and ControlVault3 Plus prior to 6.2.26.36. A specially crafted ControlVault response to a command can lead to arbitrary code execution. An…

  • CVE-2025-48951 | Critical | Jun 3, 2025
    risk 0.53 | cvss | epss 0.01

    Auth0-PHP is a PHP SDK for Auth0 Authentication and Management APIs. Versions 8.0.0-BETA3 prior to 8.3.1 contain a vulnerability due to insecure deserialization of cookie data. If exploited, since SDKs process cookie content without prior authentication, a threat actor could…

  • CVE-2025-0956 | High | Mar 5, 2025
    risk 0.53 | cvss 8.1 | epss 0.01

    The WooCommerce Recover Abandoned Cart plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 24.4.0 via deserialization of untrusted input from the 'raccookie_guest_email' cookie. This makes it possible for unauthenticated attackers to…

  • CVE-2024-56291 | High | Jan 7, 2025
    risk 0.53 | cvss 8.1 | epss 0.00

    Deserialization of Untrusted Data vulnerability in plainware PlainInventory z-inventory-manager allows Object Injection. This issue affects PlainInventory: from n/a through <= 3.1.6.

  • CVE-2024-56283 | High | Jan 7, 2025
    risk 0.53 | cvss 8.1 | epss 0.00

    Deserialization of Untrusted Data vulnerability in plainware Locatoraid Store Locator locatoraid allows Object Injection. This issue affects Locatoraid Store Locator: from n/a through <= 3.9.50.

  • CVE-2024-12312 | High | Dec 12, 2024
    risk 0.53 | cvss 8.1 | epss 0.01

    The Print Science Designer plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.3.152 via deserialization of untrusted input through the 'designer-saved-projects' cookie. This makes it possible for unauthenticated attackers to inject…

  • CVE-2023-23649 | High | Mar 28, 2024
    risk 0.53 | cvss 8.1 | epss 0.01

    Deserialization of Untrusted Data vulnerability in MainWP MainWP Links Manager Extension. This issue affects MainWP Links Manager Extension: from n/a through 2.1.

  • CVE-2024-30230 | High | Mar 28, 2024
    risk 0.53 | cvss 8.2 | epss 0.01

    Deserialization of Untrusted Data vulnerability in Acowebs PDF Invoices and Packing Slips For WooCommerce. This issue affects PDF Invoices and Packing Slips For WooCommerce: from n/a through 1.3.7.

  • CVE-2024-2721 | High | Mar 20, 2024
    risk 0.53 | cvss 8.2 | epss 0.01

    Deserialization of Untrusted Data vulnerability in Social Media Share Buttons By Sygnoos Social Media Share Buttons. This issue affects Social Media Share Buttons: from n/a through 2.1.0.

  • CVE-2024-24796 | High | Feb 12, 2024
    risk 0.53 | cvss 8.2 | epss 0.01

    Deserialization of Untrusted Data vulnerability in MagePeople Team Event Manager and Tickets Selling Plugin for WooCommerce – WpEvently – WordPress Plugin. This issue affects Event Manager and Tickets Selling Plugin for WooCommerce – WpEvently – WordPress Plugin: from n/a…

  • CVE-2023-32795 | High | Dec 28, 2023
    risk 0.53 | cvss 8.2 | epss 0.01

    Deserialization of Untrusted Data vulnerability in WooCommerce Product Add-Ons. This issue affects Product Add-Ons: from n/a through 6.1.3.