CVE-2025-53586

CVE-2025-53586 describes a deserialization of untrusted data vulnerability in the WordPress WordPress theme Noi? NooTheme WeMusic (noo-wemusic) affecting versions from n/a through ≤ 1.9.1. The underlying issue is PHP object injection due to deserializing untrusted data in the WeMusic plugin/theme...

CVE-2025-53585

The CVE-2025-53585 entry concerns the WordPress WeMusic theme (noo-wemusic) with versions up to and including 1.9.1, which is vulnerable to Reflected XSS caused by improper neutralization of input during web page generation. The affected component is the WeMusic theme for WordPress; root cause is...