Ricky

1 CVEs product

CVE-2026-25032 CRITICAL PATCH Act Now

A deserialization of untrusted data vulnerability exists in the park_of_ideas Ricky theme (all versions prior to 2.31) that allows object injection attacks. An attacker can inject malicious serialized PHP objects to achieve arbitrary code execution or data manipulation. While no CVSS score or EPSS data is currently available and KEV status is unknown, the CWE-502 classification indicates a critical deserialization flaw that typically requires network access but no authentication.

Deserialization Ricky
NVD VulDB
CVSS 3.1: 9.8
EPSS: 0.0%