CVE-2025-69122
Deferred - Pending Action
Unauthenticated PHP Object Injection in SeaFood Company

Publication date: 2026-06-17

Last updated on: 2026-06-17

Assigner: Patchstack

Description
Unauthenticated PHP Object Injection in SeaFood Company <= 1.4 versions.
Affected Vendors & Products
Vendor: patchstack
Product: seafood_company_theme
Version / Range: up to and including 1.4
CWE ID: CWE-502
Description: The product deserializes untrusted data without sufficiently ensuring that the resulting data will be valid.
Executive Summary

CVE-2025-69122 is a high-priority PHP Object Injection vulnerability found in the WordPress SeaFood Company Theme version 1.4 or lower.

This flaw allows unauthenticated attackers to inject malicious PHP objects, potentially leading to code execution, SQL injection, path traversal, denial of service, and other harmful actions if a suitable POP chain exists.

The vulnerability is severe, with a CVSS score of 9.8, and remains unpatched as of the latest report.

Impact Analysis

Exploitation of this vulnerability can have serious impacts including unauthorized code execution, data breaches through SQL injection, unauthorized file access via path traversal, and service disruption through denial of service attacks.

Because the vulnerability is unauthenticated and remotely exploitable, attackers can target thousands of websites running the vulnerable theme, potentially compromising sensitive data and website availability.

Immediate mitigation or updating the theme is advised to prevent these impacts.

Detection Guidance

The vulnerability affects the WordPress SeaFood Company Theme version 1.4 or lower. Detection involves identifying if this specific theme and version is installed on your WordPress site.

  • Check the installed theme version in the WordPress admin dashboard under Appearance > Themes.
  • Alternatively, print the Version header from the theme's style.css on the command line and check whether it is 1.4 or lower, for example:
      grep -i 'Version:' wp-content/themes/seafood-company/style.css
  • Look for suspicious activity or exploitation attempts in web server logs that may indicate PHP Object Injection attempts.
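
The version check above, as an added example that is not part of the original advisory: a script that reads the Version header and compares it against 1.4 with version-aware ordering, so 1.3.2 is flagged while 1.4.1 and 1.10 are not. The function names and the WordPress root paths passed in are assumptions; the theme directory name is the one used in the grep path above.

```shell
#!/bin/sh
# Added example: flag SeaFood Company theme installs at or below 1.4.
# Assumption: each argument is a WordPress root containing wp-content/themes/.

MAX_AFFECTED="1.4"
THEME_DIR="seafood-company"   # directory name taken from the grep path above

# Print the value of the "Version:" header from a theme style.css.
# The header may be indented or prefixed by " * " inside the CSS comment block.
theme_version() {
    sed -n 's/^[[:space:]*]*[Vv]ersion:[[:space:]]*\([0-9][0-9A-Za-z.-]*\).*/\1/p' "$1" \
        | head -n 1
}

# Succeed when $1 <= $2. Trailing ".0" parts are dropped so 1.4.0 equals 1.4;
# sort -V (GNU coreutils / BusyBox) orders 1.4 < 1.4.1 < 1.10.
version_le() {
    a=$(printf '%s' "$1" | sed 's/\(\.0\)*$//')
    b=$(printf '%s' "$2" | sed 's/\(\.0\)*$//')
    [ "$(printf '%s\n%s\n' "$a" "$b" | sort -V | head -n 1)" = "$a" ]
}

# Echo "affected", "not-affected" or "unknown" for a style.css path.
check_theme() {
    [ -r "$1" ] || { echo "unknown"; return; }
    v=$(theme_version "$1")
    [ -n "$v" ] || { echo "unknown"; return; }
    if version_le "$v" "$MAX_AFFECTED"; then
        echo "affected"
    else
        echo "not-affected"
    fi
}

# Print "path<TAB>version<TAB>status" for each WordPress root that has the theme.
scan_roots() {
    for root in "$@"; do
        css="$root/wp-content/themes/$THEME_DIR/style.css"
        [ -e "$css" ] || continue
        printf '%s\t%s\t%s\n' "$css" "$(theme_version "$css")" "$(check_theme "$css")"
    done
}

# Usage: sh check_seafood.sh /var/www/site1 /var/www/site2
if [ "$#" -gt 0 ]; then
    scan_roots "$@"
fi
```

An "unknown" result means style.css was unreadable or had no Version header and should be checked by hand.
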
Mitigation Strategies

Immediate mitigation steps include:

  • Update the SeaFood Company theme to a version higher than 1.4 if available.
  • If no official patch is available, apply the temporary mitigation rule issued by Patchstack to block attacks.
  • Seek assistance from your hosting provider or a developer to implement security measures.
  • Monitor your system for signs of exploitation and consider restricting access to vulnerable endpoints.
Compliance Impact

The vulnerability in the SeaFood Company WordPress theme allows unauthenticated PHP Object Injection, which can lead to code execution, SQL injection, path traversal, and denial of service attacks. Such security flaws can result in unauthorized access to sensitive data or disruption of services.

Because of the potential for data breaches and service interruptions, this vulnerability could negatively impact compliance with common standards and regulations like GDPR and HIPAA, which require protection of personal and sensitive data as well as maintaining system integrity and availability.

However, the provided information does not explicitly mention compliance impacts or specific regulatory considerations.
