WordPress PIMP - Creative MultiPurpose Theme Deserialization of Untrusted Data Vulnerability

Vulnerability

A deserialization of untrusted data vulnerability has been identified in the WordPress PIMP - Creative MultiPurpose theme, affecting versions through 1.7. This vulnerability allows object injection, which could be exploited to manipulate website logic, cause a denial of service, or execute arbitrary code. There is no official fix available for this issue.

Impact

Exploitation of this vulnerability could lead to object injection, allowing for manipulation of website logic, causing a denial of service, or executing arbitrary code. A malicious actor could potentially execute commands to gain access to the admin panel.

Remediation

Patchstack has issued a virtual patch to mitigate this vulnerability by blocking attacks until an official fix becomes available. This virtual patch can be activated through the Patchstack service.

Added: Jun 9, 2025, 4:51 PM
Updated: Jun 9, 2025, 4:51 PM

Vulnerability Rating

Custom Algorithm

spread: 0.0
impact: 10.0
exploitability: 7.4
remediation: 0.0
relevance: 0.2
threat: 0.0
urgency: 2.9
incentive: 5.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.