CVE-2025-47579
BaseFortify
Publication date: 2025-09-09
Last updated on: 2026-04-23
Assigner: Patchstack
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| themegoods | photography | * |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-502 | The product deserializes untrusted data without sufficiently ensuring that the resulting data will be valid. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2025-47579 is a high-severity PHP Object Injection vulnerability in the WordPress Photography theme up to version 7.5.2. It allows unauthenticated attackers to inject malicious PHP objects, potentially leading to remote code execution, SQL injection, path traversal, denial of service, and other attacks if a suitable Property Oriented Programming (POP) chain is available. [1]
How can this vulnerability impact me? :
This vulnerability can have critical impacts including remote code execution, allowing attackers to run arbitrary code on your server; SQL injection, which can compromise your database; path traversal, potentially exposing sensitive files; denial of service, disrupting your website availability; and other attacks. Since it requires no authentication, it poses a high risk of mass exploitation. [1]
What immediate steps should I take to mitigate this vulnerability?
Apply the Patchstack virtual patch (vPatch) which automatically mitigates the vulnerability by blocking attack attempts until an official patch is released. It is recommended to use this virtual patch for rapid protection. Additionally, if your website has already been compromised, seek professional incident response services. [1]