CVE-2023-49778 CRITICAL

CVE-2023-49778: WordPress Sayfa Sayaç Plugin <= 2.6 is vulnerable to PHP Object Injection

Vendor Hakan Demiray
Product Sayfa Sayac
Weakness CWE-502 · Unsafe deserialization
Published December 21, 2023
Last update April 28, 2026
View on NVD All CVEs

CVSS base score

10.0/10
Attack vector Network
Attack complexity Low
Privileges required None
User interaction None
Confidentiality High
Integrity High

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

What the vulnerability does

01Description

Deserialization of Untrusted Data vulnerability in Hakan Demiray Sayfa Sayac.This issue affects Sayfa Sayac: from n/a through 2.6.

Key dates

02Disclosure timeline

December 21, 2023 CVE published
April 28, 2026 Record updated

Related vulnerabilities

04Related CVE

CVE-2026-7566 LearnPress – Backup & Migration Tool <= 4.1.4 - Authenticated (Administrator+) PHP Object Injection via WXR XML File Upload CVE-2025-68531 WordPress ModelTheme Addons for WPBakery and Elementor plugin < 1.5.6 - PHP Object Injection vulnerability CVE-2025-62233 Apache DolphinScheduler: Deserialization of untrusted data in RPC CVE-2023-49886 IBM Transformation Extender Advanced code execution CVE-2021-35218 Chart Endpoint Deserialization of Untrusted Data Remote Code Execution Vulnerability