Deserialization Vulnerability in AncoraThemes Fish House Product
CVE-2025-31631

9.8CRITICAL

Key Information:

Vendor: WordPress
Status: Fish House
Vendor: CVE Published:; 23 May 2025

What is CVE-2025-31631?

A vulnerability in the AncoraThemes Fish House allows for the deserialization of untrusted data, leading to object injection. This issue affects versions of Fish House from release n/a through 1.2.7, potentially compromising the integrity of the affected WordPress sites. Users are advised to apply updates and review their security practices to mitigate risks associated with this vulnerability.

Affected Version(s)

Fish House <= 1.2.7

References

https://patchstack.com/database/wordpress/theme/fish-hous...

vdb-entry

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
May 23, 2025
Vulnerability Reserved
Mar 31, 2025

Credit

Tran Nguyen Bao Khanh (VCI - VNPT Cyber Immunity) (Patchstack Alliance)