Deserialization of Untrusted Data Vulnerability in TF Woo Product Grid Addon for Elementor
CVE-2025-59007

8.1 HIGH

Key Information:

Vendor: WordPress
CVE Published: 22 October 2025

What is CVE-2025-59007?

A vulnerability exists in the TF Woo Product Grid Addon for Elementor which allows for deserialization of untrusted data, leading to potential object injection attacks. This issue affects versions of the addon up to and including 1.0.1, posing significant risks to websites using this product. Attackers could exploit this flaw to execute malicious payloads, thereby compromising the integrity and security of affected sites.

Affected Version(s)

TF Woo Product Grid Addon For Elementor <= n/a

CVSS V3.1

Score: 8.1
Severity: HIGH
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Network
Attack Complexity: High
Privileges Required: None
User Interaction: None
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Phat RiO - BlueRock (Patchstack Alliance)