CVE-2025-69130
Deferred Deferred - Pending Action
BaseFortify

Publication date: 2026-06-17

Last updated on: 2026-06-17

Assigner: Patchstack

Description
Subscriber PHP Object Injection in Entrepreneur - Booking for Small Businesses WordPress Theme <= 3.1.3 versions.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-06-17
Last Modified
2026-06-17
Generated
2026-06-17
AI Q&A
2026-06-17
EPSS Evaluated
N/A
NVD
CVE-2025-69130
EUVD
EUVD-2025-210259
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
patchstack booking_for_small_businesses to 3.1.3 (inc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-502 The product deserializes untrusted data without sufficiently ensuring that the resulting data will be valid.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

The WordPress theme "Entrepreneur - Booking for Small Businesses" version 3.1.3 or lower contains a high-priority PHP Object Injection vulnerability (CVE-2025-69130).

This flaw allows attackers to inject malicious PHP objects, which can lead to code execution, SQL injection, path traversal, denial of service, and other harmful actions if a suitable POP (Property Oriented Programming) chain exists.

The vulnerability is severe, with a CVSS score of 8.8, indicating a high risk and potential for widespread exploitation across many websites.

Impact Analysis

This vulnerability can have serious impacts including unauthorized code execution on your website, which may lead to data breaches or site defacement.

Attackers could exploit it to perform SQL injection, potentially exposing or manipulating your database.

It also allows path traversal attacks, which could let attackers access sensitive files on the server.

Additionally, it can cause denial of service, making your website unavailable to legitimate users.

Overall, this vulnerability poses a high risk to the security and availability of your website.

Mitigation Strategies

Immediate action is advised to mitigate this high-priority PHP Object Injection vulnerability in the Entrepreneur - Booking for Small Businesses WordPress theme version 3.1.3 or lower.

  • Update the theme to a newer version if available.
  • If no official patch is available, apply the mitigation rule issued by Patchstack to block attacks until a fix is released.
  • Seek assistance from your hosting provider or a web developer to implement these mitigations safely.
Compliance Impact

The vulnerability in the Entrepreneur - Booking for Small Businesses WordPress theme allows attackers to execute code injection, SQL injection, path traversal, denial of service, and other malicious activities. Such unauthorized access and potential data breaches could lead to non-compliance with data protection regulations like GDPR and HIPAA, which require safeguarding personal and sensitive information against unauthorized access and ensuring system integrity.

Because this vulnerability can lead to high-impact compromises (confidentiality, integrity, and availability), organizations using the affected theme may face increased risk of violating these standards if the vulnerability is exploited and sensitive data is exposed or systems are disrupted.

Immediate mitigation and patching are advised to reduce the risk of non-compliance and potential legal or regulatory consequences.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2025-69130. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart