Deserialization Vulnerability in ThemeGoods Photography by ThemeGoods
CVE-2025-47579

9CRITICAL

Key Information:

Vendor: WordPress
Status: Photography
Vendor: CVE Published:; 9 September 2025

What is CVE-2025-47579?

A vulnerability has been identified in ThemeGoods Photography, which allows for the deserialization of untrusted data. This security flaw can lead to potential PHP object injection, impacting the integrity and security of the affected application. Versions of Photography from n/a through 7.5.2 are known to be vulnerable, highlighting the importance of updating to secure versions to mitigate risks.

Affected Version(s)

Photography <= 7.5.2

References

https://patchstack.com/database/wordpress/theme/photograp...

vdb-entry

CVSS V3.1

Score:

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

High

Privileges Required:

None

User Interaction:

None

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Sep 9, 2025
Vulnerability Reserved
May 7, 2025

Credit

Rafie Muhammad (Patchstack)

WordPress

What is CVE-2025-47579?

Affected Version(s)

References

CVSS V3.1

Timeline

Credit