Skip to main content

Reisen

1 CVEs product

Monthly

Sort: Newest CVSS Score EPSS Score Oldest
CVE-2025-69111 CRITICAL Act Now

Unauthenticated PHP object injection in the ThemeREX Reisen WordPress theme versions 1.4.1 and earlier allows remote attackers to trigger deserialization of attacker-controlled data without authentication. Successful exploitation can lead to full site compromise via gadget chains commonly available in WordPress core or active plugins, with CVSS rated 9.8 critical. No public exploit identified at time of analysis and the vulnerability is not listed in CISA KEV.

PHP Deserialization Reisen
NVD VulDB
CVSS 3.1
9.8
EPSS
0.4%
CVE-2025-69111
EPSS 0% CVSS 9.8
CRITICAL Act Now

Unauthenticated PHP object injection in the ThemeREX Reisen WordPress theme versions 1.4.1 and earlier allows remote attackers to trigger deserialization of attacker-controlled data without authentication. Successful exploitation can lead to full site compromise via gadget chains commonly available in WordPress core or active plugins, with CVSS rated 9.8 critical. No public exploit identified at time of analysis and the vulnerability is not listed in CISA KEV.

PHP Deserialization Reisen
NVD VulDB

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy