CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2025-31396 – WordPress FLAP - Business WordPress Theme <= 1.5 - PHP Object Injection Vulnerability
https://notcve.org/view.php?id=CVE-2025-31396
03 Jun 2025 — Deserialization of Untrusted Data vulnerability in themeton FLAP - Business WordPress Theme allows Object Injection. This issue affects FLAP - Business WordPress Theme: from n/a through 1.5. The FLAP - Business WordPress Theme theme for WordPress is vulnerable to PHP Object Injection in versions up to, and including, 1.5 via deserialization of untrusted input [from the vulnerable parameter?|in the vulnerable function?]. This makes it possible for unauthenticated attackers to inject a PHP Object. • https://patchstack.com/database/wordpress/theme/flap/vulnerability/wordpress-flap-business-wordpress-theme-1-5-php-object-injection-vulnerability?_s_id=cve • CWE-502: Deserialization of Untrusted Data •
CVSS: 9.8EPSS: 8%CPEs: 1EXPL: 1CVE-2007-2940 – FlaP 1.0b - 'pachtofile' Remote File Inclusion
https://notcve.org/view.php?id=CVE-2007-2940
31 May 2007 — Multiple PHP remote file inclusion vulnerabilities in FlaP 1.0b (1.0 Beta) allow remote attackers to execute arbitrary PHP code via a URL in the pachtofile parameter to (1) skin/html/table.php or (2) login.php. Múltiples vulnerabilidades de inclusión remota de archivo en PHP en FlaP 1.0b (1.0 Beta) permite a atacantes remotos ejecutar código PHP de su elección mediante una URL en el parámetro pachtofile a skin/html/table.php o (2) login.php. • https://www.exploit-db.com/exploits/3992 •