Deserialization Vulnerability in AncoraThemes Umberto Theme for WordPress
CVE-2025-31423
9.8CRITICAL
What is CVE-2025-31423?
A vulnerability in AncoraThemes Umberto allows for deserialization of untrusted data, potentially leading to object injection attacks. This flaw impacts versions ranging from n/a to 1.2.8, making it critical for users to take precautions and update their installation to mitigate the risk.
Affected Version(s)
Umberto <= 1.2.8
References
CVSS V3.1
Score:
9.8
Severity:
CRITICAL
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged
Timeline
Vulnerability published
Vulnerability Reserved
Credit
Tran Nguyen Bao Khanh (VCI - VNPT Cyber Immunity) (Patchstack Alliance)