Object Injection Vulnerability in Foodbakery Sticky Cart by Chimpstudio
CVE-2025-39356

9.8CRITICAL

Key Information:

Vendor: WordPress
Status: Foodbakery Sticky Cart
Vendor: CVE Published:; 19 May 2025

What is CVE-2025-39356?

A vulnerability exists in the Foodbakery Sticky Cart plugin by Chimpstudio that allows for Object Injection through deserialization of untrusted data. This issue can potentially lead to malicious actors executing arbitrary code or altering application behavior, affecting the security and integrity of the applications utilizing this plugin. The vulnerable versions are between n/a and 3.2, and users are urged to assess their installations for potential risks.

Affected Version(s)

Foodbakery Sticky Cart <= 3.2

References

https://patchstack.com/database/wordpress/plugin/foodbake...

vdb-entry

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
May 19, 2025
Vulnerability Reserved
Apr 16, 2025

Credit

Bonds (Patchstack Alliance)

WordPress

What is CVE-2025-39356?

Affected Version(s)

References

CVSS V3.1

Timeline

Credit