CVE-2025-67619
BaseFortify
Publication date: 2026-01-22
Last updated on: 2026-01-29
Assigner: Patchstack
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| designthemes | kids_heaven | to 3.2 (inc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-502 | The product deserializes untrusted data without sufficiently ensuring that the resulting data will be valid. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2025-67619 is a PHP Object Injection vulnerability in the WordPress Kids Heaven Theme (versions up to and including 3.2). It allows attackers to inject malicious code by exploiting deserialization of untrusted data, potentially leading to code injection, SQL injection, path traversal, denial of service, and other attacks if a suitable PHP Object Injection POP chain is present. [1]
How can this vulnerability impact me? :
This vulnerability can have severe impacts including unauthorized code execution, database compromise through SQL injection, unauthorized file access via path traversal, denial of service attacks, and other malicious activities. It poses a high risk with a CVSS score of 8.8 and can be exploited by users with at least subscriber or developer privileges, potentially compromising the security and availability of affected websites. [1]
What immediate steps should I take to mitigate this vulnerability?
Since no official patch is available for this PHP Object Injection vulnerability in Kids Heaven Theme up to version 3.2, you should immediately apply the mitigation rule provided by Patchstack to block attacks targeting this vulnerability. This mitigation helps protect your website until an official fix is released. Additionally, ensure that only trusted users with subscriber or developer privileges have access, as the vulnerability requires such privileges to be exploited. [1]
How can this vulnerability be detected on my network or system? Can you suggest some commands?
There is no specific detection command or method provided for this vulnerability. However, Patchstack has issued a mitigation rule that can block attacks targeting this PHP Object Injection vulnerability in the Kids Heaven WordPress theme until an official patch is released. Users are advised to apply this mitigation immediately to protect their websites. No direct detection commands or network scanning instructions are mentioned. [1]