CVE-2025-0855 – WordPress PGS Core Plugin PHP Object Injection Vulnerability

May 6, 2025

CVE ID : CVE-2025-0855

Published : May 6, 2025, 11:15 p.m. | 42 minutes ago

Description : The PGS Core plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 5.8.0 via deserialization of untrusted input in the ‘import_header’ function. This makes it possible for unauthenticated attackers to inject a PHP Object. No known POP chain is present in the vulnerable software. If a POP chain is present via an additional plugin or theme installed on the target system, it could allow the attacker to delete arbitrary files, retrieve sensitive data, or execute code.

Severity: 9.8 | CRITICAL

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Source: Read More

Previous ArticleHow to Build Your Own Local AI: Create Free RAG and AI Agents with Qwen 3 and Ollama

Next Article CVE-2025-4372 – Google Chrome WebAudio Use After Free Vulnerability

Sunshine And March Vibes (2025 Wallpapers Edition)

The Case For Minimal WordPress Setups: A Contrarian View On Theme Frameworks

How To Fix Largest Contentful Paint Issues With Subpart Analysis

How To Prevent WordPress SQL Injection Attacks

This Motorola Razr deal at Best Buy is the top offer I’ve seen on the flip phone

Google Maps can identify and save places in your screenshots – here’s how

T-Mobile is giving loyal users a free line right now – how to see if you qualify

CTA warns of tariff-fueled price hikes on consumer tech – but it’s not all bad news

Big Node, VS Code, and Mantine updates

Big Node, VS Code, and Mantine updates

Prepare for Contact Center Week with Colleen Eager

Preparing for the Unthinkable: Safeguarding People and Productivity During India-Pakistan Conflicts

Microsoft confirms Offline Calendar for New Outlook on Windows 11

Microsoft confirms Offline Calendar for New Outlook on Windows 11

Windows 11 Microsoft Store tests Copilot integration to increase app downloads

Beyond APT: Software Management with Flatpak on Ubuntu

CVE-2025-0855 – WordPress PGS Core Plugin PHP Object Injection Vulnerability

Nmap 7.96 Launches with Lightning-Fast DNS and 612 Scripts

CVE-2025-4496 – TOTOLINK CloudACMunualUpdate Buffer Overflow Vulnerability

Windows Snipping Tool Gets Smarter with New Text Extractor feature in Upcoming Update

Private Vector Mean Estimation in the Shuffle Model: Optimal Rates Require Many Messages

Fireworks AI Releases Firefunction-v2: An Open Weights Function Calling Model with Function Calling Capability on Par with GPT4o at 2.5x the Speed and 10% of the Cost

Monitor server-side latency for Amazon ElastiCache for Valkey

It’s a wrap! RSA Conference 2024 highlights â€“ Week in security with Tony Anscombe

Innovative Machine Learning-Driven Discovery of Broadly Neutralizing Antibodies Against HIV-1 Using the RAIN Computational Pipeline

Keyless Entry System

CockroachDB retires self-hosted Core offering, makes Enterprise version free for companies under $10M in annual revenue

CVE-2025-0855 – WordPress PGS Core Plugin PHP Object Injection Vulnerability

Related Posts