Description
Deserialization of Untrusted Data vulnerability in themeton The Fashion - Model Agency One Page Beauty Theme nrgfashion allows Object Injection.This issue affects The Fashion - Model Agency One Page Beauty Theme: from n/a through <= 1.4.4.
Published: 2025-06-09
Score: 9.8 Critical
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

Deserialization of untrusted data in The Fashion - Model Agency One Page Beauty Theme permits object injection, allowing an attacker to supply crafted serialized payloads that the theme will unserialize. This flaw can enable arbitrary code execution or privilege escalation within the WordPress installation, compromising the confidentiality, integrity, and availability of the site.

Affected Systems

WordPress sites that employ The Fashion - Model Agency One Page Beauty Theme at version 1.4.4 or earlier are affected. Any installation running any preceding version is vulnerable because the flaw exists in all releases up to and including 1.4.4.

Risk and Exploitability

The CVSS score of 9.8 indicates a high severity risk. The EPSS score of less than 1 % suggests that exploitation opportunities are low, and the vulnerability is not listed in the CISA KEV catalog. Based on the description, it is inferred that an attacker could remotely exploit the flaw by injecting malicious serialized data through the theme’s public configuration interface or API, potentially gaining full control over the WordPress site. Despite the low exploitation probability, the severity warrants prompt remediation.

Generated by OpenCVE AI on May 1, 2026 at 07:35 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade the theme to a release newer than 1.4.4 to eliminate the deserialization flaw.
  • If no newer version is available, replace the theme with an alternative that does not process untrusted serialized data.
  • Sanitize or restrict any input that reaches the theme by disabling PHP’s unserialize() on untrusted data and enforcing strict type checks to prevent inadvertent deserialization.

Generated by OpenCVE AI on May 1, 2026 at 07:35 UTC.

Tracking

Sign in to view the affected projects.

Advisories
Source ID Title
EUVD EUVD EUVD-2025-17493 Deserialization of Untrusted Data vulnerability in themeton The Fashion - Model Agency One Page Beauty Theme allows Object Injection. This issue affects The Fashion - Model Agency One Page Beauty Theme: from n/a through 1.4.4.
History

Thu, 23 Apr 2026 15:00:00 +0000

Type Values Removed Values Added
Metrics cvssV3_1

{'score': 9.8, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H'}

Wed, 01 Apr 2026 23:45:00 +0000

Type Values Removed Values Added
Description Deserialization of Untrusted Data vulnerability in themeton The Fashion - Model Agency One Page Beauty Theme allows Object Injection. This issue affects The Fashion - Model Agency One Page Beauty Theme: from n/a through 1.4.4. Deserialization of Untrusted Data vulnerability in themeton The Fashion - Model Agency One Page Beauty Theme nrgfashion allows Object Injection.This issue affects The Fashion - Model Agency One Page Beauty Theme: from n/a through <= 1.4.4.
Title WordPress The Fashion - Model Agency One Page Beauty Theme <= 1.4.4 - Deserialization of untrusted data Vulnerability WordPress The Fashion - Model Agency One Page Beauty Theme plugin <= 1.4.4 - Deserialization of untrusted data Vulnerability
References
Metrics cvssV3_1

{'score': 9.8, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H'}

Fri, 11 Jul 2025 13:45:00 +0000

Type Values Removed Values Added
Metrics epss

{'score': 0.00054}

 epss

{'score': 0.00058}

Tue, 10 Jun 2025 14:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}

Mon, 09 Jun 2025 16:15:00 +0000

Type Values Removed Values Added
Description Deserialization of Untrusted Data vulnerability in themeton The Fashion - Model Agency One Page Beauty Theme allows Object Injection. This issue affects The Fashion - Model Agency One Page Beauty Theme: from n/a through 1.4.4.
Title WordPress The Fashion - Model Agency One Page Beauty Theme <= 1.4.4 - Deserialization of untrusted data Vulnerability
Weaknesses CWE-502
References
Metrics cvssV3_1

{'score': 9.8, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H'}

Subscriptions

No data.

cve-icon MITRE

Status: PUBLISHED

Assigner: Patchstack

Published:

Updated: 2026-04-28T16:12:04.347Z

Reserved: 2025-03-26T09:23:34.541Z

Link: CVE-2025-31052

cve-icon Vulnrichment

Updated: 2025-06-10T13:50:56.875Z

cve-icon NVD

Status : Deferred

Published: 2025-06-09T16:15:37.197

Modified: 2026-04-23T15:27:37.010

Link: CVE-2025-31052

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-05-01T07:45:06Z

Weaknesses