Skip to main content

Real Testimonials CVE-2026-59521

| EUVDEUVD-2026-43432 HIGH
Deserialization of Untrusted Data (CWE-502)
2026-07-13 Patchstack
7.2
CVSS 3.1 · Vendor: Patchstack
Share

Severity by source

Vendor (Patchstack) PRIMARY
7.2 HIGH
AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Primary rating from Vendor (Patchstack) · only source for this CVE.

CVSS VectorVendor: Patchstack

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Attack Vector
Network
Attack Complexity
Low
Privileges Required
High
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High

Lifecycle Timeline

2
Analysis Generated
Jul 13, 2026 - 10:21 vuln.today
CVE Published
Jul 13, 2026 - 08:41 cve.org
HIGH 7.2

DescriptionCVE.org

Deserialization of Untrusted Data vulnerability in ShapedPlugin LLC Real Testimonials testimonial-free allows Object Injection.This issue affects Real Testimonials: from n/a through <= 3.1.15.

AnalysisAI

PHP Object Injection in the ShapedPlugin Real Testimonials (testimonial-free) WordPress plugin affects all versions up to and including 3.1.15, allowing a high-privileged authenticated user to inject serialized PHP objects that the plugin unsafely deserializes. Depending on gadget chains present in WordPress core, other active plugins, or themes, this can escalate to arbitrary code execution, data disclosure, or site compromise. …

Unlock full vulnerability intelligence

  • Risk assessment & exploitation conditions
  • Attack chain visualization
  • Remediation with exact patch versions
  • Threat intelligence from 22 sources
  • Personal watchlist & email alerts

Free forever · No credit card required

Recommended ActionAI

Within 24 hours: Audit all WordPress administrator account activity and credential access logs; identify and document all WordPress installations running Real Testimonials plugin versions 3.1.15 and earlier. …

Sign in for detailed remediation steps and compensating controls.

Threat intelligence, references, and detailed analysis are available after sign-in.

Share

CVE-2026-59521 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy