CVE-2025-0855 – WordPress PGS Core Plugin PHP Object Injection Vulnerability

May 6, 2025

CVE ID : CVE-2025-0855

Published : May 6, 2025, 11:15 p.m. | 42 minutes ago

Description : The PGS Core plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 5.8.0 via deserialization of untrusted input in the ‘import_header’ function. This makes it possible for unauthenticated attackers to inject a PHP Object. No known POP chain is present in the vulnerable software. If a POP chain is present via an additional plugin or theme installed on the target system, it could allow the attacker to delete arbitrary files, retrieve sensitive data, or execute code.

Severity: 9.8 | CRITICAL

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Source: Read More

Previous ArticleHow to Build Your Own Local AI: Create Free RAG and AI Agents with Qwen 3 and Ollama

Next Article CVE-2025-4372 – Google Chrome WebAudio Use After Free Vulnerability

The Power Of The Intl API: A Definitive Guide To Browser-Native Internationalization

This week in AI dev tools: GPT-5, Claude Opus 4.1, and more (August 8, 2025)

Elastic simplifies log analytics for SREs and developers with launch of Log Essentials

OpenAI launches GPT-5

5 ways business leaders can transform workplace culture – and it starts by listening

My 4 favorite image editing apps on Linux – and two are free Photoshop alternatives

How Google’s Genie 3 could change AI video – and let you build your own interactive worlds

How you’re charging your tablet is slowly killing it – 3 methods to avoid (and the right way)

Establishing Consistent Data Foundations with Laravel’s Database Population System

Establishing Consistent Data Foundations with Laravel’s Database Population System

Generate Postman Collections from Laravel Routes

This Week in Laravel: Free Laravel Idea, Laracon News, and More

Lenovo Legion Go 2 vs Legion Go — How Do These Gaming Handhelds Compare Based on Rumored Specs?

Lenovo Legion Go 2 vs Legion Go — How Do These Gaming Handhelds Compare Based on Rumored Specs?

9 Default Settings in Windows 11 You Didn’t Know Could Affect Performance and Privacy

DICE Responds to Battlefield 6 Community: Key Updates on Map Flow and Class Mechanics

CVE-2025-0855 – WordPress PGS Core Plugin PHP Object Injection Vulnerability

Black Hat USA 2025: Does successful cybersecurity today increase cyber-risk tomorrow?

Black Hat USA 2025: Policy compliance and the myth of the silver bullet

CVE-2025-7396 – WolfSSL Curve25519 Blinding Support Vulnerability (Side-Channel Attack)

Supercharging vector search performance and relevance with pgvector 0.8.0 on Amazon Aurora PostgreSQL

CVE-2025-51541 – Shopware Stored XSS Vulnerability

“Even though I worked on Oblivion Remastered, I’m still excited for Skyblivion.” Bethesda dev shouts out huge Oblivion remake mod coming later this year

What is Artificial Intelligence? Everything You Need to Know

Valve just announced every Steam sale date from now until Summer 2026 — here’s exactly when you can save big bucks on the best PC games

ISO 20022 – End of MT Coexistence for Cash Instructions Fast Approaching

Distribution Release: Ubuntu Cinnamon 25.04

CVE-2025-0855 – WordPress PGS Core Plugin PHP Object Injection Vulnerability

Related Posts