Skip to main content

Ctx Feed

1 CVEs product

Monthly

Sort: Newest CVSS Score EPSS Score Oldest
CVE-2026-39434 HIGH This Week

PHP Object Injection in the CTX Feed (WebAppick Product Feed for WooCommerce) WordPress plugin versions up to and including 6.6.26 allows authenticated users with Shop Manager privileges to trigger unsafe deserialization, leading to full compromise of confidentiality, integrity, and availability on the host site. The flaw was disclosed by Patchstack and tracked as EUVD-2026-36924; no public exploit identified at time of analysis and the issue is not listed in CISA KEV.

PHP Deserialization Ctx Feed
NVD
CVSS 3.1
7.2
EPSS
0.4%
CVE-2026-39434
EPSS 0% CVSS 7.2
HIGH This Week

PHP Object Injection in the CTX Feed (WebAppick Product Feed for WooCommerce) WordPress plugin versions up to and including 6.6.26 allows authenticated users with Shop Manager privileges to trigger unsafe deserialization, leading to full compromise of confidentiality, integrity, and availability on the host site. The flaw was disclosed by Patchstack and tracked as EUVD-2026-36924; no public exploit identified at time of analysis and the issue is not listed in CISA KEV.

PHP Deserialization Ctx Feed
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy