Actively Exploited in the Wild
This vulnerability is being actively exploited in the wild.
WPMU Dev Appointments WordPress Plugin PHP Object Injection Vulnerability
Vulnerability
A PHP Object Injection vulnerability has been identified in the WPMU Dev Appointments WordPress plugin, affecting versions through 2.2.1. The vulnerability arises from the deserialization of untrusted data in the 'wpmudev_appointments' cookie, allowing unauthenticated attackers to inject PHP objects. Exploitation of this vulnerability was observed in the wild, with attackers using the WP_Theme() class to create backdoors on the affected sites.
Impact
Exploitation of this vulnerability allows for PHP Object Injection, which can be used to execute arbitrary code or create backdoors on the affected site, potentially leading to a full takeover of the website.
Remediation
Users of the WPMU Dev Appointments WordPress plugin should update to version 2.2.2 or a newer patched version.
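For sites that cannot confirm when they were patched, the following added example (not code from the plugin or from this advisory) flags logged requests whose 'wpmudev_appointments' cookie carries a serialized PHP object. It assumes your proxy or WAF records the Cookie header; the function names, the sample records and the base64 fallback are assumptions made for illustration.

```python
import base64
import binascii
import re
from urllib.parse import unquote

COOKIE_NAME = "wpmudev_appointments"  # cookie named in the advisory

# serialize() writes objects as O:<len>:"<Class>": (or C:... for Serializable).
# The token is matched at the start of the value or after ';' or '{', i.e. where
# a new serialized value can begin. '\+?' covers the O:+8: spelling that older
# PHP versions accepted.
OBJECT_TOKEN = re.compile(r'(?:^|[;{])[OC]:\+?\d+:"([A-Za-z_\\][A-Za-z0-9_\\]*)"')


def cookie_value(header, name=COOKIE_NAME):
    """Return the raw value of `name` from a Cookie header, or None."""
    for part in header.split(";"):
        key, sep, value = part.strip().partition("=")
        if sep and key == name:
            return value
    return None


def injected_classes(header):
    """Class names of serialized PHP objects carried in the plugin cookie."""
    raw = cookie_value(header)
    if raw is None:
        return []
    decoded = unquote(raw)  # PHP URL-decodes cookie values before the plugin sees them
    candidates = [decoded]
    try:  # assumption: also check a base64-wrapped value
        candidates.append(base64.b64decode(decoded, validate=True).decode("latin-1"))
    except (binascii.Error, ValueError):
        pass
    return sorted({m for text in candidates for m in OBJECT_TOKEN.findall(text)})


def scan(records):
    """records: (client_ip, cookie_header) pairs; returns the flagged ones."""
    return [(ip, found) for ip, hdr in records if (found := injected_classes(hdr))]


# Constructed sample records (documentation IP ranges), not real traffic.
SAMPLE_RECORDS = [
    ("192.0.2.10", "wordpress_test_cookie=WP+Cookie+check"),
    ("192.0.2.11", "wpmudev_appointments=a%3A1%3A%7Bi%3A0%3Bi%3A42%3B%7D"),
    ("198.51.100.7", "wpmudev_appointments=O%3A8%3A%22WP_Theme%22%3A0%3A%7B%7D"),
    ("198.51.100.8", "a=1; wpmudev_appointments=a%3A1%3A%7Bi%3A0%3BO%3A8%3A%22WP_Theme%22%3A0%3A%7B%7D%7D"),
]

if __name__ == "__main__":
    for ip, classes in scan(SAMPLE_RECORDS):
        print(ip, classes)
```

A hit on a site that ran version 2.2.1 or earlier at the time of the request is a reason to inspect that site for backdoors, not only to update it.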
