Tag: php object injection

All the articles with the tag "php object injection".

[CVE-2025-9083] Unauthenticated PHP Object Injection in Ninja Forms Hands WordPress Attackers the Keys

18 Sep, 2025

A flaw in the Repeatable Fieldset component lets anyone send a crafted form submission that Ninja Forms unserializes. If a gadget chain exists on the site, the attacker can pivot to remote code execution without logging in.

[CVE-2025-9083] Unauthenticated PHP Object Injection in Ninja Forms Hands WordPress Attackers the Keys