Deserialization Vulnerability in Photography Theme by ThemeGoods
CVE-2025-47584

8.5HIGH

Key Information:

Vendor

WordPress

Vendor
CVE Published:
6 June 2025

What is CVE-2025-47584?

A deserialization of untrusted data vulnerability exists in ThemeGoods' Photography theme, affecting all versions up to 7.5.2. This vulnerability could allow an attacker to exploit improperly handled serialized data, potentially leading to various security breaches. It is crucial for users running the affected versions to update immediately to mitigate risks associated with this issue.

Affected Version(s)

Photography <= 7.5.2

References

CVSS V3.1

Score:
8.5
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
High
Privileges Required:
Low
User Interaction:
None
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Rafie Muhammad (Patchstack)
.
CVE-2025-47584 : Deserialization Vulnerability in Photography Theme by ThemeGoods