What is the CVSS score of CVE-2025-39358?

CVE-2025-39358 has a CVSS 3.1 base score of 8.8 (High). CVSS vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H. EPSS exploitation probability: 0.2%.

Which versions of Teastudio.Pl WP Posts Carousel are affected by CVE-2025-39358?

A high-severity vulnerability in the WP Posts Carousel plugin (versions up to 1.3.12) allows attackers to inject malicious objects through deserialization, potentially leading to remote code…

How to fix or mitigate CVE-2025-39358?

Within 24 hours: Audit all WordPress installations for WP Posts Carousel plugin presence and version; disable the plugin immediately if found. Within 7 days: Remove the plugin entirely or migrate content to an alternative carousel solution; implement Web Application Firewall rules to block suspicious serialized object patterns. Within 30 days: Conduct security assessment of affected systems for signs of compromise; establish plugin vetting process to prevent future vulnerable extensions.

Teastudio.Pl WP Posts Carousel CVE-2025-39358

EUVD-2025-17125 HIGH

Deserialization of Untrusted Data (CWE-502)

2025-06-06 audit@patchstack.com

Deserialization

8.8

CVSS 3.1 · NVD

Severity by source

NVD PRIMARY

8.8 HIGH

AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Attack Vector

Network

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

High

Lifecycle Timeline

Re-analysis Queued

Apr 29, 2026 - 10:22 vuln.today

cvss_changed

EUVD ID Assigned

Mar 14, 2026 - 18:10 euvd

EUVD-2025-17125

Analysis Generated

Mar 14, 2026 - 18:10 vuln.today

CVE Published

Jun 06, 2025 - 12:15 nvd

HIGH 8.8

DescriptionCVE.org

Deserialization of Untrusted Data vulnerability in Teastudio.Pl WP Posts Carousel allows Object Injection.This issue affects WP Posts Carousel: from n/a through 1.3.12.

AnalysisAI

A deserialization vulnerability in Teastudio (CVSS 8.8). High severity vulnerability requiring prompt remediation.

Technical ContextAI

CWE-502 (Insecure Deserialization). CVSS 8.8 indicates high severity. Affects Teastudio.

RemediationAI

Monitor vendor channels for patch availability.

CVE-2025-39358 vulnerability details – vuln.today

Back

Teastudio.Pl WP Posts Carousel CVE-2025-39358

Severity by source

CVSS VectorNVD

Lifecycle Timeline

DescriptionCVE.org

AnalysisAI

Technical ContextAI

RemediationAI

Share

External POC / Exploit Code