Object Injection Vulnerability in Constant Contact for WordPress by WebDevStudios
CVE-2025-48101

8.8HIGH

Key Information:

Vendor: WordPress
Status: Constant Contact For WordPress
Vendor: CVE Published:; 9 September 2025

What is CVE-2025-48101?

A vulnerability has been identified in the Constant Contact for WordPress plugin developed by WebDevStudios, which allows for Object Injection through the deserialization of untrusted data. This affects versions from n/a to 4.1.1. This security flaw could be exploited by attackers to execute arbitrary code or manipulate data within the application, posing significant risks to website owners and users.

Affected Version(s)

Constant Contact for WordPress <= 4.1.1

References

https://patchstack.com/database/wordpress/plugin/constant...

vdb-entry

CVSS V3.1

Score:

8.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Sep 9, 2025
Vulnerability Reserved
May 15, 2025