Seafood Company
Monthly
Unauthenticated PHP Object Injection in the ThemeREX SeaFood Company WordPress theme (versions ≤1.4) enables remote attackers to deliver crafted serialized payloads that trigger insecure deserialization within PHP, potentially leading to remote code execution, file manipulation, or full site compromise depending on available gadget chains in the host WordPress stack. Reported by Patchstack and tracked as EUVD-2025-210200, with no public exploit identified at time of analysis.
Unauthenticated PHP Object Injection in the ThemeREX SeaFood Company WordPress theme (versions ≤1.4) enables remote attackers to deliver crafted serialized payloads that trigger insecure deserialization within PHP, potentially leading to remote code execution, file manipulation, or full site compromise depending on available gadget chains in the host WordPress stack. Reported by Patchstack and tracked as EUVD-2025-210200, with no public exploit identified at time of analysis.