Deserialization of Untrusted Data in BoldGrid Client Invoicing by Sprout Invoices
CVE-2025-64227

Currently unrated

Key Information:

Vendor

WordPress
Status
Client Invoicing By Sprout Invoices
Vendor
CVE Published:
18 December 2025

What is CVE-2025-64227?

A security vulnerability exists in BoldGrid Client Invoicing by Sprout Invoices that allows for an Object Injection through the deserialization of untrusted data. This issue affects versions up to and including 20.8.7, and could potentially allow attackers to manipulate or inject malicious objects, compromising the integrity of the application and leading to unauthorized access or data manipulation. Proper validation and sanitization measures are crucial to mitigate this risk.

Affected Version(s)

Client Invoicing by Sprout Invoices <= n/a

References

https://vdp.patchstack.com/database/Wordpress/Plugin/spro...
vdb-entry

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

mcdruid | Patchstack Bug Bounty Program
JSON
.
CVE-2025-64227 : Deserialization of Untrusted Data in BoldGrid Client Invoicing by Sprout Invoices