Object Injection Vulnerability in CouponXxL Plugin by WordPress
CVE-2025-52725

9.8CRITICAL

Key Information:

Vendor: WordPress
Status: Couponxxl
Vendor: CVE Published:; 27 June 2025

What is CVE-2025-52725?

The CouponXxL plugin for WordPress is vulnerable to an object injection issue caused by the deserialization of untrusted data. This flaw can potentially allow attackers to execute arbitrary code within the application, leading to severe security risks. Affected versions include those earlier than 3.0.0, making it crucial for users to update to the latest version to mitigate this vulnerability.

Affected Version(s)

CouponXxL <= 3.0.0

References

https://patchstack.com/database/wordpress/theme/couponxxl...

vdb-entry

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jun 27, 2025
Vulnerability Reserved
Jun 19, 2025

Credit

Bonds (Patchstack Alliance)