CVE-2026-0677

CVE-2026-0677: WordPress TotalContest Lite plugin <= 2.9.1 - PHP Object Injection vulnerability

Vendor Totalsuite

Product TotalContest Lite

Weakness CWE-502 · Unsafe deserialization

Published March 20, 2026

Last update June 10, 2026

View on NVD All CVEs

CVSS base score

—

What the vulnerability does

Description

Deserialization of Untrusted Data vulnerability in TotalSuite TotalContest Lite totalcontest-lite allows Object Injection.This issue affects TotalContest Lite: from n/a through <= 2.9.1.

Key dates

Disclosure timeline

March 20, 2026 CVE published

June 10, 2026 Record updated