CVE-2025-60230
BaseFortify

Publication date: 2026-06-17

Last updated on: 2026-06-17

Assigner: Patchstack

Description
Deserialization of Untrusted Data vulnerability in Themeton The Barber Shop allows Object Injection. This issue affects The Barber Shop: from n/a through 1.9.
Meta Information
Generated: 2026-06-17
AI Q&A: 2026-06-17
EPSS Evaluated: N/A
Affected Vendors & Products
One associated CPE:
Vendor: themeton
Product: the_barber_shop
Version / Range: from 1.0 (inclusive) to 1.9 (inclusive)
CWE
CWE-502: The product deserializes untrusted data without sufficiently ensuring that the resulting data will be valid.
Compliance Impact

The vulnerability in The Barber Shop WordPress theme allows unauthenticated attackers to perform code injection, SQL injection, path traversal, and denial of service attacks. Successful exploitation can lead to unauthorized access, data breaches, and system compromise.

These security risks can impact compliance with common standards and regulations like GDPR and HIPAA, which require protection of personal and sensitive data against unauthorized access and breaches.

Failure to address this vulnerability could result in non-compliance due to potential exposure of sensitive information and disruption of service.

Executive Summary

CVE-2025-60230 is a high-severity PHP Object Injection vulnerability found in The Barber Shop WordPress theme versions 1.9 and below. It allows attackers to inject malicious objects through deserialization of untrusted data, potentially leading to various attacks such as code injection, SQL injection, path traversal, and denial of service.

The vulnerability is unauthenticated, meaning attackers do not need any prior access to exploit it. This makes it particularly dangerous as it can be triggered remotely without credentials.

Impact Analysis

This vulnerability can have severe impacts including unauthorized code execution, data breaches through SQL injection, unauthorized file access via path traversal, and service disruption through denial of service attacks.

Because the vulnerability is unauthenticated, attackers can exploit it remotely without needing any credentials, increasing the risk of compromise.

If exploited, it could lead to full system compromise, data loss, or downtime, affecting the availability, integrity, and confidentiality of your systems.

Detection Guidance

There is no specific detection command or method provided in the available resources for identifying this vulnerability on your network or system.

Mitigation Strategies

Immediate mitigation steps include applying the Patchstack mitigation rule to block attacks targeting this vulnerability until an official patch is released.

It is also advised to update The Barber Shop WordPress theme to a version higher than 1.9 once available or seek assistance from your hosting provider or a developer to implement protective measures.
