CVE-2025-69404
Awaiting Analysis Awaiting Analysis - Queue

Deserialization Vulnerability in ThemeREX Extreme Store Enables Object Injection

Vulnerability report for CVE-2025-69404, including description, CVSS score, EPSS score, affected products, exploitability, helpful resources, and attack-flow context.

Publication date: 2026-02-20

Last updated on: 2026-04-01

Assigner: Patchstack

Description

Deserialization of Untrusted Data vulnerability in ThemeREX Extreme Store extremestore allows Object Injection.This issue affects Extreme Store: from n/a through <= 1.5.10.

CVSS Scores

EPSS Scores

Probability:
Percentile:

Meta Information

Published
2026-02-20
Last Modified
2026-04-01
Generated
2026-07-06
AI Q&A
2026-02-20
EPSS Evaluated
2026-07-05
NVD

Affected Vendors & Products

Showing 2 associated CPEs
Vendor Product Version / Range
themerex extreme_store From 1.0.0 (inc) to 1.5.7 (inc)
themerex extreme_store to 1.5.7 (inc)

Helpful Resources

Exploitability

CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-502 The product deserializes untrusted data without sufficiently ensuring that the resulting data will be valid.

Attack-Flow Graph

AI Quick Actions

Instant insights powered by AI
Executive Summary

[{'type': 'paragraph', 'content': "CVE-2025-69404 is a vulnerability in the ThemeREX Extreme Store WordPress theme, specifically affecting versions up to 1.5.7. It involves deserialization of untrusted data, which allows for PHP object injection. This means that an attacker could potentially inject malicious objects through the theme's code by exploiting how it processes serialized data."}, {'type': 'paragraph', 'content': 'The vulnerability is considered low priority with low severity, and there is no official patch or fixed version available. Although some parts of the description label it as highly dangerous and potentially exploitable, the overall assessment suggests it is unlikely to be exploited.'}] [1]

Impact Analysis

If exploited, this vulnerability could allow an attacker to perform PHP object injection, which might lead to unauthorized code execution or manipulation of the application behavior. However, the risk is considered low because the vulnerability is unlikely to be exploited in practice.

Since there is no official patch, users of the affected theme should consider mitigation strategies or protective services, such as those offered by Patchstack, to reduce potential risks.

Compliance Impact

I don't know

Detection Guidance

There are no specific detection methods or commands provided for identifying this vulnerability on your network or system.

Mitigation Strategies

No official patch or fixed version is available for this vulnerability at this time.

Patchstack offers mitigation services and rapid protection through its platform, which users can consider to help protect against this issue.

It is recommended to subscribe to WordPress security intelligence updates to stay informed about any future fixes or mitigation strategies.

Chat Assistant

Ask questions about this CVE
Hi! I’m here to help you understand CVE-2025-69404. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70

EPSS Chart