CVE-2026-0677

HIGH NVD

CVSS Score 7.2

Severity HIGH

Published Mar 20, 2026

Vendor unknown

Description

Deserialization of Untrusted Data vulnerability in TotalSuite TotalContest Lite allows Object Injection.This issue affects TotalContest Lite: from n/a through 2.9.1.

References

https://patchstack.com/database/wordpress/plugin/totalcontest-lite/vulnerability/wordpress-totalcontest-lite-plugin-2-9-1-php-object-injection-vulnerability?_s_id=cve