VYPR

CWE-502

Deserialization of Untrusted Data

BaseDraftLikelihood: Medium

Description

The product deserializes untrusted data without sufficiently ensuring that the resulting data will be valid.

Hierarchy (View 1000)

Parents

Children

none

Related attack patterns (CAPEC)

CAPEC-586

CVEs mapped to this weakness (1,721)

page 58 of 87
  • CVE-2025-49331HigJun 17, 2025
    risk 0.47cvss 7.2epss 0.00

    Deserialization of Untrusted Data vulnerability in impleCode eCommerce Product Catalog ecommerce-product-catalog allows Object Injection.This issue affects eCommerce Product Catalog: from n/a through <= 3.4.3.

  • CVE-2025-4803HigMay 21, 2025
    risk 0.47cvss 7.2epss 0.01

    The Glossary by WPPedia – Best Glossary plugin for WordPress plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.3.0 via deserialization of untrusted input from the 'posttypes' parameter. This makes it possible for authenticated…

  • CVE-2025-48134HigMay 16, 2025
    risk 0.47cvss 7.2epss 0.00

    Deserialization of Untrusted Data vulnerability in ShapedPlugin LLC WP Tabs wp-expand-tabs-free allows Object Injection.This issue affects WP Tabs: from n/a through <= 2.2.12.

  • CVE-2025-47683HigMay 7, 2025
    risk 0.47cvss 7.2epss 0.00

    Deserialization of Untrusted Data vulnerability in Florent Maillefaud WP Maintenance wp-maintenance allows Object Injection.This issue affects WP Maintenance: from n/a through <= 6.1.9.7.

  • CVE-2025-47629HigMay 7, 2025
    risk 0.47cvss 7.2epss 0.00

    Deserialization of Untrusted Data vulnerability in Mario Peshev WP-CRM System wp-crm-system allows Object Injection.This issue affects WP-CRM System: from n/a through <= 3.4.5.

  • CVE-2025-46481HigApr 24, 2025
    risk 0.47cvss 7.2epss 0.00

    Deserialization of Untrusted Data vulnerability in Michael Cannon Flickr Shortcode Importer flickr-shortcode-importer allows Object Injection.This issue affects Flickr Shortcode Importer: from n/a through <= 2.2.3.

  • CVE-2025-46473HigApr 24, 2025
    risk 0.47cvss 7.2epss 0.00

    Deserialization of Untrusted Data vulnerability in Prisna Social Counter social-counter allows Object Injection.This issue affects Social Counter: from n/a through <= 2.0.5.

  • CVE-2025-30773HigMar 27, 2025
    risk 0.47cvss 7.2epss 0.01

    Deserialization of Untrusted Data vulnerability in Cozmoslabs TranslatePress translatepress-multilingual allows Object Injection.This issue affects TranslatePress: from n/a through <= 2.9.6.

  • CVE-2025-2376HigMar 17, 2025
    risk 0.47cvss 7.3epss 0.00

    A vulnerability has been found in viames Pair Framework up to 1.9.11 and classified as critical. Affected by this vulnerability is the function getCookieContent of the file /src/UserRemember.php of the component PHP Object Handler. The manipulation of the argument cookieName…

  • CVE-2025-26885HigMar 3, 2025
    risk 0.47cvss 7.2epss 0.01

    Deserialization of Untrusted Data vulnerability in Beaver Builder WordPress Assistant assistant allows Object Injection.This issue affects WordPress Assistant: from n/a through <= 1.5.1.

  • CVE-2025-27301HigFeb 24, 2025
    risk 0.47cvss 7.2epss 0.01

    Deserialization of Untrusted Data vulnerability in Nazmul Hasan Robin NHR Options Table Manager nhrrob-options-table-manager allows Object Injection.This issue affects NHR Options Table Manager: from n/a through <= 1.1.2.

  • CVE-2025-27300HigFeb 24, 2025
    risk 0.47cvss 7.2epss 0.01

    Deserialization of Untrusted Data vulnerability in giuliopanda ADFO admin-form allows Object Injection.This issue affects ADFO: from n/a through <= 1.9.1.

  • CVE-2025-0841HigJan 29, 2025
    risk 0.47cvss 7.3epss 0.00

    A vulnerability has been found in Aridius XYZ up to 20240927 on OpenCart and classified as critical. This vulnerability affects the function loadMore of the component News. The manipulation leads to deserialization. The attack can be initiated remotely. The exploit has been…

  • CVE-2025-0465HigJan 14, 2025
    risk 0.47cvss 7.3epss 0.01

    A vulnerability was found in AquilaCMS 1.412.13. It has been rated as critical. Affected by this issue is some unknown functionality of the file /api/v2/categories. The manipulation of the argument PostBody.populate leads to deserialization. The attack may be launched remotely.…

  • CVE-2024-11465HigJan 7, 2025
    risk 0.47cvss 7.2epss 0.01

    The Custom Product Tabs for WooCommerce plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.8.5 via deserialization of untrusted input in the 'yikes_woo_products_tabs' post meta parameter. This makes it possible for authenticated…

  • CVE-2024-12721HigDec 21, 2024
    risk 0.47cvss 7.2epss 0.01

    The Custom Product Tabs For WooCommerce plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.2.4 via deserialization of untrusted input from the 'wb_custom_tabs' parameter. This makes it possible for authenticated attackers, with…

  • CVE-2024-54282HigDec 13, 2024
    risk 0.47cvss 7.2epss 0.01

    Deserialization of Untrusted Data vulnerability in Themeum WP Mega Menu wp-megamenu allows Object Injection.This issue affects WP Mega Menu: from n/a through <= 1.4.2.

  • CVE-2024-11409HigNov 21, 2024
    risk 0.47cvss 7.2epss 0.01

    The Grid View Gallery plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.0 via deserialization of untrusted input from cs_all_photos_details parameter. This makes it possible for authenticated attackers, with Editor-level access…

  • CVE-2023-32736HigNov 12, 2024
    risk 0.47cvss 7.3epss 0.00

    A vulnerability has been identified in SIMATIC S7-PLCSIM V16 (All versions), SIMATIC S7-PLCSIM V17 (All versions), SIMATIC STEP 7 Safety V16 (All versions), SIMATIC STEP 7 Safety V17 (All versions < V17 Update 8), SIMATIC STEP 7 Safety V18 (All versions < V18 Update 5), SIMATIC…

  • CVE-2024-49684HigOct 23, 2024
    risk 0.47cvss 7.2epss 0.01

    Deserialization of Untrusted Data vulnerability in revmakx Backup and Staging by WP Time Capsule wp-time-capsule allows Object Injection.This issue affects Backup and Staging by WP Time Capsule: from n/a through <= 1.22.21.