CVE-2025-69372

CVE-2025-69372 affects SevenHills WordPress theme (AncoraThemes) up to version 1.6.2. It involves Deserialization of Untrusted Data leading to PHP Object Injection. Impact is described as high (CVSS 3.1 base score 9.8, CRITICAL) with network attack vector and no user interaction required. Remedia...

CVE-2025-69370

CVE-2025-69370: PHP Object Injection in WordPress Capella theme (Capella

CVE-2025-69329 WordPress Prestige theme < 1.4.1 - PHP Object Injection vulnerability

Deserialization of Untrusted Data vulnerability in Jthemes Prestige prestige allows Object Injection.This issue affects Prestige: from n/a through 1.4.1...

CVE-2025-69328 WordPress Booking and Rental Manager plugin <= 2.5.9 - PHP Object Injection vulnerability

Deserialization of Untrusted Data vulnerability in magepeopleteam Booking and Rental Manager booking-and-rental-manager-for-woocommerce allows Object Injection.This issue affects Booking and Rental Manager: from n/a through = 2.5.9...

CVE-2025-69328 WordPress Booking and Rental Manager plugin <= 2.5.9 - PHP Object Injection vulnerability

Deserialization of Untrusted Data vulnerability in magepeopleteam Booking and Rental Manager booking-and-rental-manager-for-woocommerce allows Object Injection.This issue affects Booking and Rental Manager: from n/a through = 2.5.9...

CVE-2025-69329 WordPress Prestige theme < 1.4.1 - PHP Object Injection vulnerability

Deserialization of Untrusted Data vulnerability in Jthemes Prestige prestige allows Object Injection.This issue affects Prestige: from n/a through 1.4.1...

CVE-2025-69329

Deserialization of Untrusted Data in WordPress Theme Prestige (CVE-2025-69329) affects Prestige versions prior to 1.4.1. The issue enables PHP object injection via untrusted data deserialization, with assessed impact described as high confidentiality/integrity/availability concerns. Mitigation: u...

CVE-2025-69328

Deserialization of Untrusted Data in WordPress Booking and Rental Manager for WooCommerce (CVE-2025-69328) allows PHP Object Injection. Affected: Booking and Rental Manager

CVE-2025-69301 WordPress PhotoMe theme <= 5.6.11 - PHP Object Injection vulnerability

Deserialization of Untrusted Data vulnerability in ThemeGoods PhotoMe photome allows Object Injection.This issue affects PhotoMe: from n/a through = 5.6.11...

CVE-2025-69301

CVE-2025-69301 describes a PHP object injection due to deserialization of untrusted data in the PhotoMe WordPress theme (Theme PhotoMe/photome). Affected: PhotoMe versions n/a through 5.6.11. Root cause: deserialization of untrusted data enabling object injection. Impact (per CVSS 3.1): high conf...

CVE-2025-69301 WordPress PhotoMe theme <= 5.6.11 - PHP Object Injection vulnerability

Deserialization of Untrusted Data vulnerability in ThemeGoods PhotoMe photome allows Object Injection.This issue affects PhotoMe: from n/a through = 5.6.11...

CVE-2025-69294

CVE-2025-69294 affects the PeakShops WordPress theme (PeakShops) with PHP Object Injection via deserialization of untrusted data. Affected product/version: PeakShops theme up to and including 1.5.9 (n/a through 1.5.9). Root cause: deserialization of untrusted data leading to object injection. Doc...

CVE-2025-69294 WordPress PeakShops theme <= 1.5.9 - PHP Object Injection vulnerability

Deserialization of Untrusted Data vulnerability in fuelthemes PeakShops peakshops allows Object Injection.This issue affects PeakShops: from n/a through = 1.5.9...

CVE-2025-69294 WordPress PeakShops theme <= 1.5.9 - PHP Object Injection vulnerability

Deserialization of Untrusted Data vulnerability in fuelthemes PeakShops peakshops allows Object Injection.This issue affects PeakShops: from n/a through = 1.5.9...

CVE-2025-68853

The CVE CVE-2025-68853 affects WordPress Contact Manager plugin (contact-manager) up to version 9.1.1 and is a Deserialization of Untrusted Data (PHP Object Injection) vulnerability. Public sources (NVD/Red Hat/Patchstack/Wordfence) identify the root cause as untrusted data deserialization in con...

CVE-2025-68853 WordPress Contact Manager plugin <= 9.1.1 - PHP Object Injection vulnerability

Deserialization of Untrusted Data vulnerability in Kleor Contact Manager contact-manager allows Object Injection.This issue affects Contact Manager: from n/a through = 9.1.1...

CVE-2025-68853 WordPress Contact Manager plugin <= 9.1.1 - PHP Object Injection vulnerability

Deserialization of Untrusted Data vulnerability in Kleor Contact Manager contact-manager allows Object Injection.This issue affects Contact Manager: from n/a through = 9.1.1...

CVE-2025-68541

CVE-2025-68541 affects WordPress theme Ippsum up to version 1.2.0, describing a deserialization (PHP object injection) vulnerability. Wordfence and Patchstack corroborate the issue and indicate remediation is to update to a newer version (post-1.2.0). The CVSS metrics in the base entry show overa...

CVE-2025-68541 WordPress Ippsum theme <= 1.2.0 - PHP Object Injection vulnerability

Deserialization of Untrusted Data vulnerability in BoldThemes Ippsum ippsum allows Object Injection.This issue affects Ippsum: from n/a through = 1.2.0...

CVE-2025-68541 WordPress Ippsum theme <= 1.2.0 - PHP Object Injection vulnerability

Deserialization of Untrusted Data vulnerability in BoldThemes Ippsum ippsum allows Object Injection.This issue affects Ippsum: from n/a through = 1.2.0...