Primary

Context

WordPress NHR Options Table Manager Object Injection Vulnerability via Deserialization

Vulnerability

A deserialization vulnerability allowing object injection has been identified in the NHR Options Table Manager plugin for WordPress, affecting versions through 1.1.2. This vulnerability arises from the improper handling of untrusted data during the deserialization process.

Impact

Exploitation of this vulnerability could lead to object injection, which may be used to manipulate the application's logic, cause a denial-of-service, or execute arbitrary code. In this case, it could potentially allow a malicious actor to execute commands to access the admin panel.

Remediation

Users of the NHR Options Table Manager plugin should update to version 1.1.3 or later to address this vulnerability.

Added: Jun 9, 2025, 7:46 PM

Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

1.3

exploitability

4.8

remediation

7.7

relevance

0.0

threat

0.0

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

1.3

exploitability

4.8

remediation

7.7

relevance

0.0

threat

0.0

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

WordPress NHR Options Table Manager Object Injection Vulnerability via Deserialization

Vulnerability

Impact

Remediation

Affected Products

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating