Skip to main content

Lagom

1 CVEs product

Monthly

Sort: Newest CVSS Score EPSS Score Oldest
CVE-2025-60229 CRITICAL Act Now

PHP object injection in the Themeton Lagom WordPress theme (versions up to and including 2.0) allows remote attackers to trigger unsafe deserialization of attacker-controlled data, potentially leading to full site compromise. The flaw is reported by Patchstack and carries a critical CVSS of 9.8 (AV:N/AC:L/PR:N/UI:N); no public exploit identified at time of analysis and the issue is not listed in CISA KEV.

Deserialization Lagom
NVD
CVSS 3.1
9.8
EPSS
0.4%
CVE-2025-60229
EPSS 0% CVSS 9.8
CRITICAL Act Now

PHP object injection in the Themeton Lagom WordPress theme (versions up to and including 2.0) allows remote attackers to trigger unsafe deserialization of attacker-controlled data, potentially leading to full site compromise. The flaw is reported by Patchstack and carries a critical CVSS of 9.8 (AV:N/AC:L/PR:N/UI:N); no public exploit identified at time of analysis and the issue is not listed in CISA KEV.

Deserialization Lagom
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy