Deserialization in Totalsuite Totalcontest Lite

CVE-2026-0677

Deserialization of Untrusted Data vulnerability in TotalSuite TotalContest Lite totalcontest-lite allows Object Injection.This issue affects TotalContest Lite: from n/a through <= 2.9.1.

Vulnerability class: Insecure Deserialization

EPSS: 0.000 (1.5th percentile) — read the EPSS interpretation.

Affected products

Totalsuite Totalcontest Lite — versions 0

Weakness classification (CWE)

CWE-502 — Deserialization of Untrusted Data

References

patchstack.com/database/Wordpress/Plugin/totalcontest-lite/vulnerability/wordpr… (vdb-entry)