CWE-502


Deserialization of Untrusted Data

The product deserializes untrusted data without sufficiently verifying that the resulting data will be valid.

We have discovered 680,236 live websites that are affected by CWE-502.

Contact us to get more info







CVEs

  • Count - 154



CWE-502 usage by Country

United States242,059 websites


Germany72,357 websites
France35,946 websites
GB24,675 websites
Japan24,447 websites
Italy21,597 websites
Vietnam21,059 websites
Netherlands18,621 websites
Russia15,483 websites
Poland15,097 websites

CWE-502 usage by TLD

.com289,233 websites
.org35,879 websites
.de35,191 websites
.co.uk18,318 websites
.nl18,142 websites
.it17,076 websites
.net16,933 websites
.fr14,205 websites
.com.au13,591 websites
.ru12,976 websites

Newest CVEs

List of the most recent CVEs that are part of CWE-502
DiscoveredCVEDescriptionWebsites
Apr, 2025CVE-2025-27286 WordPress Saoshyant Slider Plugin <= 3.0 - PHP Object Injection vulnerability37
Apr, 2025CVE-2025-32571 WordPress TuriTop Booking System Plugin <= 1.0.10 - PHP Object Injection vulnerability61
Apr, 2025CVE-2025-32572 WordPress Kata Plus Plugin <= 1.5.2 - PHP Object Injection vulnerability48
Apr, 2025CVE-2025-32658 WordPress HelpGent plugin <= 2.2.4 - PHP Object Injection vulnerability5
Apr, 2025CVE-2025-32662 WordPress uListing plugin <= 2.2.0 - Deserialization of untrusted data vulnerability251
Apr, 2025CVE-2025-32686 WordPress Team Members <= 3.4.0 - PHP Object Injection Vulnerability179
Apr, 2025CVE-2025-39527 WordPress Rating by BestWebSoft <= 1.7 - PHP Object Injection Vulnerability124
Apr, 2025CVE-2025-39588 WordPress Ultimate Store Kit Elementor Addons <= 2.4.0 - Deserialization of untrusted data Vulnerability82
Apr, 2025CVE-2025-30985 WordPress GNUCommerce plugin <= 1.5.4 - PHP Object Injection vulnerability68
Apr, 2025CVE-2025-3439 Everest Forms – Contact Form, Quiz, Survey, Newsletter & Payment Form Builder for WordPress <= 3.1.1 - Unauthenticated PHP Object Injection28,547

The most widespread CVEs

List of the most common CVEs that are part of CWE-502
DiscoveredCVEDescriptionWebsites
Dec, 2023CVE-2023-28782 WordPress Gravity Forms Plugin <= 2.7.3 is vulnerable to PHP Object Injection110,095
Feb, 2025CVE-2025-26763 WordPress Slider, Gallery, and Carousel by MetaSlider – Image Slider, Video Slider Plugin <= 3.94.0 - PHP Object Injection vulnerability100,466
Dec, 2023CVE-2023-40555 WordPress Flatsome Theme <= 3.17.5 is vulnerable to PHP Object Injection79,679
Aug, 2024CVE-2024-2694 Betheme <= 27.5.6 - Authenticated (Contributor+) PHP Object Injection75,929
Apr, 2024CVE-2024-32600 WordPress Master Slider plugin <= 3.9.5 - PHP Object Injection vulnerability66,343
Oct, 2023CVE-2023-3154 NextGEN Gallery < 3.39 - Admin+ PHAR Deserialization44,160
Mar, 2025CVE-2025-30773 WordPress TranslatePress <= 2.9.6 - PHP Object Injection Vulnerability35,989
Apr, 2025CVE-2025-3439 Everest Forms – Contact Form, Quiz, Survey, Newsletter & Payment Form Builder for WordPress <= 3.1.1 - Unauthenticated PHP Object Injection28,547
Mar, 2025CVE-2025-0912 GiveWP – Donation Plugin and Fundraising Platform <= 3.19.4 - Unauthenticated PHP Object Injection19,556
Jan, 2025CVE-2025-22777 WordPress GiveWP Plugin <= 3.19.3 - PHP Object Injection vulnerability17,284

Websites affected by CWE-502

Top websites that are affected by CWE-502. Please click on the "Contact us" link to get more information.
DomainCountryRankContacts
********.****.com United States***
**********.com United States***
*****.com United States***
********.com United States*,***
*******.com United States*,***
***************.eu Netherlands*,***
****.******.jp United States*,***
**********.com United States*,***
**********.com United States*,***
***.int Switzerland*,***
See full domain list