Tag

Object-Injection

3 briefs RSS

MetaSlider Responsive Slider Plugin Deserialization Vulnerability (CVE-2026-39467)

A deserialization of untrusted data vulnerability in the MetaSlider Responsive Slider plugin for WordPress (versions up to 3.106.0) allows for unauthenticated object injection, potentially leading to remote code execution.

wordpress object-injection deserialization cve-2026-39467

2r 1t 1c 1w ago

high advisory

Smart Post Show WordPress Plugin PHP Object Injection Vulnerability

2 rules 1 TTP 1 CVE

The Smart Post Show WordPress plugin versions 3.0.12 and earlier are vulnerable to PHP Object Injection via deserialization of untrusted input in the import_shortcodes() function, potentially leading to remote code execution if a suitable POP chain is present.

wordpress php object-injection rce

2r 1t 1c 2w ago

critical advisory

Everest Forms WordPress Plugin PHP Object Injection Vulnerability

2 rules 2 TTPs 1 CVE

The Everest Forms plugin for WordPress is vulnerable to PHP Object Injection (CVE-2026-3296) in versions up to 3.4.3, allowing unauthenticated attackers to execute arbitrary code by injecting serialized PHP objects via form fields.

wordpress php object-injection rce cve-2026-3296

2r 2t 1c 3w ago