
The Hospital

1 CVEs product


CVE-2025-60231 CRITICAL Act Now

Unauthenticated PHP Object Injection in the EMV "The Hospital" WordPress theme (nrghospital) through version 1.8.1 lets remote attackers trigger deserialization of attacker-controlled data, which can be chained with available POP gadgets to achieve full compromise of the host site. CVSS 9.8 reflects unauthenticated network exploitability with high CIA impact; no public exploit identified at time of analysis and the vulnerability is not listed in CISA KEV.

Tags: Deserialization, The Hospital
Source: NVD
CVSS 3.1: 9.8
EPSS: 0.3%
