Skip to main content

Totalcontest Lite

1 CVEs product

Monthly

Sort: Newest CVSS Score EPSS Score Oldest
CVE-2026-0677 MEDIUM This Month

This is a deserialization of untrusted data vulnerability (PHP Object Injection) in the TotalContest Lite WordPress plugin that allows authenticated attackers with high-level privileges to inject arbitrary PHP objects. The vulnerability affects all versions through 2.9.1 of the TotalContest Lite plugin from TotalSuite. With a CVSS score of 7.2, successful exploitation can lead to high impact on confidentiality, integrity, and availability of the affected system.

Deserialization Totalcontest Lite
NVD VulDB
CVSS 3.1
6.3
EPSS
0.0%
CVE-2026-0677
EPSS 0% CVSS 6.3
MEDIUM This Month

This is a deserialization of untrusted data vulnerability (PHP Object Injection) in the TotalContest Lite WordPress plugin that allows authenticated attackers with high-level privileges to inject arbitrary PHP objects. The vulnerability affects all versions through 2.9.1 of the TotalContest Lite plugin from TotalSuite. With a CVSS score of 7.2, successful exploitation can lead to high impact on confidentiality, integrity, and availability of the affected system.

Deserialization Totalcontest Lite
NVD VulDB

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy