CWE-502

Exploit likelihood: Medium

Deserialization of Untrusted Data

Parent: CWE-913 - Improper Control of Dynamically-Managed Code Resources

The product deserializes untrusted data without sufficiently ensuring that the resulting data will be valid.

2,741 vulnerabilities with CWE-502
CVE-2026-48853 CRITICAL
Remote code execution and denial of service via unsafe Erlang term deserialization in elixir-grpc/grpc
CVE-2026-9691 CRITICAL
WordPress Integration for ActiveCampaign and Contact Form 7, WPForms, Elementor, Ninja Forms plugin <= 1.1.1 - PHP Object Injection vulnerability
CVSS 9.8
CVE-2026-49781 CRITICAL
WordPress OttoKit plugin <= 1.1.27 - PHP Object Injection vulnerability
CVSS 9.8
CVE-2026-49770 CRITICAL
WordPress WP Travel Engine plugin <= 6.7.12 - PHP Object Injection vulnerability
CVSS 9.8
CVE-2026-49769 CRITICAL
WordPress wpForo Forum plugin <= 3.1.0 - PHP Object Injection vulnerability
CVSS 9.8
CVE-2026-49768 CRITICAL
WordPress Happyforms plugin <= 1.26.13 - PHP Object Injection vulnerability
CVSS 9.8
CVE-2026-49765 CRITICAL
WordPress Integration for Mailchimp and Contact Form 7, WPForms, Elementor, Ninja Forms plugin <= 1.1.8 - PHP Object Injection vulnerability
CVSS 9.8
CVE-2026-49763 CRITICAL
WordPress Integration for Contact Form 7 HubSpot plugin <= 1.3.7 - PHP Object Injection vulnerability
CVSS 9.8
CVE-2026-49109 CRITICAL
WordPress Integration for Salesforce and Contact Form 7, WPForms, Elementor, Formidable, Ninja Forms plugin <= 1.4.3 - PHP Object Injection vulnerability
CVSS 9.8
CVE-2026-49106 CRITICAL
WordPress Integration for Contact Form 7 and Constant Contact plugin <= 1.1.6 - PHP Object Injection vulnerability
CVSS 9.8
CVE-2026-49105 CRITICAL
WordPress WP Zendesk for Contact Form 7, WPForms, Elementor, Formidable and Ninja Forms plugin <= 1.1.4 - PHP Object Injection vulnerability
CVSS 9.8
CVE-2026-49104 CRITICAL
WordPress Integration for Keap/infusionsoft and Contact Form 7, WPForms, Elementor, Formidable, Ninja Forms plugin <= 1.2.1 - PHP Object Injection vulnerability
CVSS 9.8
CVE-2026-49085 CRITICAL
WordPress WP Insightly for Contact Form 7, WPForms, Elementor, Formidable and Ninja Forms plugin <= 1.1.4 - PHP Object Injection vulnerability
CVSS 9.8
CVE-2026-42687 HIGH
WordPress EventPrime plugin <= 4.3.2.1 - PHP Object Injection vulnerability
CVSS 8.1
CVE-2026-39532 HIGH
WordPress Events Calendar for GeoDirectory plugin <= 2.3.25 - PHP Object Injection vulnerability
CVSS 8.8
CVE-2026-39499 HIGH
WordPress Advanced Product Fields (Product Addons) for WooCommerce plugin <= 1.6.19 - PHP Object Injection vulnerability
CVSS 7.2
CVE-2026-39498 HIGH
WordPress YayMail plugin <= 4.3.3 - PHP Object Injection vulnerability
CVSS 7.2
CVE-2026-39481 HIGH
WordPress Modula Image Gallery plugin <= 2.14.18 - PHP Object Injection vulnerability
CVSS 7.2
CVE-2026-39478 HIGH
WordPress Anti-Malware Security and Brute-Force Firewall plugin <= 4.23.87 - PHP Object Injection vulnerability
CVSS 8.8
CVE-2026-39474 HIGH
WordPress Post Duplicator plugin <= 3.0.10 - PHP Object Injection vulnerability
CVSS 8.8
CVE-2026-39472 HIGH
WordPress WooCommerce PDF Invoices & Packing Slips plugin < 5.9.0 - PHP Object Injection vulnerability
CVSS 7.2
CVE-2026-39471 HIGH
WordPress ShortPixel Image Optimizer plugin <= 6.4.3 - PHP Object Injection vulnerability
CVSS 7.2
CVE-2026-39434 HIGH
WordPress CTX Feed plugin <= 6.6.26 - PHP Object Injection vulnerability
CVSS 7.2
CVE-2026-27333 HIGH
WordPress Paid Videochat Turnkey Site plugin <= 7.3.23 - Deserialization of untrusted data vulnerability
CVSS 8.1
CVE-2026-27053 CRITICAL
WordPress Broadcast Live Video plugin < 7.1.3 - PHP Object Injection vulnerability
CVSS 9.8