Object Injection Vulnerability in FoodBakery by Chimpstudio
CVE-2025-32927

9.8 CRITICAL

Key Information:

Vendor: WordPress
CVE Published: 19 May 2025

What is CVE-2025-32927?

The FoodBakery product by Chimpstudio is affected by a vulnerability that allows for Object Injection due to the deserialization of untrusted data. This flaw can lead to serious security implications, enabling attackers to execute arbitrary code or manipulate data, thereby compromising the application’s integrity and security. All users of FoodBakery, particularly those on versions prior to 3.3, should take immediate action to assess and mitigate their exposure to this vulnerability.

Affected Version(s)

FoodBakery <= 3.3

CVSS V3.1

Score: 9.8
Severity: CRITICAL
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Bonds (Patchstack Alliance)