Object Injection Vulnerability in WP Maintenance Plugin by Florent Maillefaud
CVE-2025-47683

7.2HIGH

Key Information:

Vendor: WordPress
Status: WP Maintenance
Vendor: CVE Published:; 7 May 2025

Summary

A vulnerability exists in the WP Maintenance plugin developed by Florent Maillefaud, allowing for Object Injection through deserialization of untrusted data. This flaw affects versions from n/a up to 6.1.9.7, potentially compromising data integrity and security on affected WordPress sites. It is essential for users of this plugin to address this issue promptly to safeguard their systems against possible exploitation.

Affected Version(s)

WP Maintenance <= 6.1.9.7

References

https://patchstack.com/database/wordpress/plugin/wp-maint...

vdb-entry

CVSS V3.1

Score:

7.2

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
May 7, 2025
Vulnerability Reserved
May 7, 2025

Credit

Ngo Bui Truong Vu (Patchstack Alliance)