Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2025-69371

Summary
Assigner-Patchstack
Assigner Org ID-21595511-bba5-4825-b968-b78d1f9984a3
Published At-20 Feb, 2026 | 15:46
Updated At-20 Feb, 2026 | 15:46
Rejected At-
Credits

WordPress KindlyCare theme <= 1.6.1 - PHP Object Injection vulnerability

Deserialization of Untrusted Data vulnerability in AncoraThemes KindlyCare kindlycare allows Object Injection.This issue affects KindlyCare: from n/a through <= 1.6.1.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:Patchstack
Assigner Org ID:21595511-bba5-4825-b968-b78d1f9984a3
Published At:20 Feb, 2026 | 15:46
Updated At:20 Feb, 2026 | 15:46
Rejected At:
▼CVE Numbering Authority (CNA)
WordPress KindlyCare theme <= 1.6.1 - PHP Object Injection vulnerability

Deserialization of Untrusted Data vulnerability in AncoraThemes KindlyCare kindlycare allows Object Injection.This issue affects KindlyCare: from n/a through <= 1.6.1.

Affected Products
Vendor
AncoraThemes
Product
KindlyCare
Collection URL
https://themeforest.net
Package Name
kindlycare
Default Status
unaffected
Versions
Affected
  • From n/a through <= 1.6.1 (custom)
Problem Types
TypeCWE IDDescription
CWECWE-502Deserialization of Untrusted Data
Type: CWE
CWE ID: CWE-502
Description: Deserialization of Untrusted Data
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
CAPEC-586Object Injection
CAPEC ID: CAPEC-586
Description: Object Injection
Solutions
Configurations
Workarounds
Exploits
Credits
finder
Tran Nguyen Bao Khanh (VCI - VNPT Cyber Immunity) | Patchstack Bug Bounty Program
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://patchstack.com/database/Wordpress/Theme/kindlycare/vulnerability/wordpress-kindlycare-theme-1-6-1-php-object-injection-vulnerability?_s_id=cve
vdb-entry
Hyperlink: https://patchstack.com/database/Wordpress/Theme/kindlycare/vulnerability/wordpress-kindlycare-theme-1-6-1-php-object-injection-vulnerability?_s_id=cve
Resource:
vdb-entry
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:audit@patchstack.com
Published At:20 Feb, 2026 | 16:22
Updated At:20 Feb, 2026 | 16:55

Deserialization of Untrusted Data vulnerability in AncoraThemes KindlyCare kindlycare allows Object Injection.This issue affects KindlyCare: from n/a through <= 1.6.1.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
CPE Matches
Weaknesses
CWE IDTypeSource
CWE-502Primaryaudit@patchstack.com
CWE ID: CWE-502
Type: Primary
Source: audit@patchstack.com
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
https://patchstack.com/database/Wordpress/Theme/kindlycare/vulnerability/wordpress-kindlycare-theme-1-6-1-php-object-injection-vulnerability?_s_id=cveaudit@patchstack.com
N/A
Hyperlink: https://patchstack.com/database/Wordpress/Theme/kindlycare/vulnerability/wordpress-kindlycare-theme-1-6-1-php-object-injection-vulnerability?_s_id=cve
Source: audit@patchstack.com
Resource: N/A

Change History

0
Information is not available yet

Similar CVEs

7Records found
CVE-2025-69372
Matching Score-6
Assigner-Patchstack
ShareView Details
Matching Score-6
Assigner-Patchstack
CVSS Score-Not Assigned
EPSS-0.02% / 6.36%
||
7 Day CHG~0.00%
Published-20 Feb, 2026 | 15:46
Updated-20 Feb, 2026 | 16:55
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress SevenHills theme <= 1.6.2 - PHP Object Injection vulnerability

Deserialization of Untrusted Data vulnerability in AncoraThemes SevenHills sevenhills allows Object Injection.This issue affects SevenHills: from n/a through <= 1.6.2.

Action-Not Available
Vendor-AncoraThemes
Product-SevenHills
CWE ID-CWE-502
Deserialization of Untrusted Data
CVE-2025-60225
Matching Score-6
Assigner-Patchstack
ShareView Details
Matching Score-6
Assigner-Patchstack
CVSS Score-9.8||CRITICAL
EPSS-0.10% / 27.10%
||
7 Day CHG+0.04%
Published-22 Oct, 2025 | 14:32
Updated-20 Jan, 2026 | 15:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress BugsPatrol theme <= 1.5.0 - PHP Object Injection vulnerability

Deserialization of Untrusted Data vulnerability in AncoraThemes BugsPatrol bugspatrol allows Object Injection.This issue affects BugsPatrol: from n/a through <= 1.5.0.

Action-Not Available
Vendor-AncoraThemes
Product-BugsPatrol
CWE ID-CWE-502
Deserialization of Untrusted Data
CVE-2025-32292
Matching Score-6
Assigner-Patchstack
ShareView Details
Matching Score-6
Assigner-Patchstack
CVSS Score-9.8||CRITICAL
EPSS-0.14% / 33.83%
||
7 Day CHG~0.00%
Published-23 May, 2025 | 12:43
Updated-23 May, 2025 | 15:54
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Jarvis – Night Club, Concert, Festival WordPress <= 1.8.11 - PHP Object Injection Vulnerability

Deserialization of Untrusted Data vulnerability in AncoraThemes Jarvis – Night Club, Concert, Festival WordPress allows Object Injection. This issue affects Jarvis – Night Club, Concert, Festival WordPress: from n/a through 1.8.11.

Action-Not Available
Vendor-AncoraThemes
Product-Jarvis – Night Club, Concert, Festival WordPress
CWE ID-CWE-502
Deserialization of Untrusted Data
CVE-2025-31423
Matching Score-6
Assigner-Patchstack
ShareView Details
Matching Score-6
Assigner-Patchstack
CVSS Score-9.8||CRITICAL
EPSS-0.14% / 33.83%
||
7 Day CHG~0.00%
Published-23 May, 2025 | 12:44
Updated-23 May, 2025 | 15:54
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Umberto <= 1.2.8 - PHP Object Injection Vulnerability

Deserialization of Untrusted Data vulnerability in AncoraThemes Umberto allows Object Injection. This issue affects Umberto: from n/a through 1.2.8.

Action-Not Available
Vendor-AncoraThemes
Product-Umberto
CWE ID-CWE-502
Deserialization of Untrusted Data
CVE-2025-31631
Matching Score-6
Assigner-Patchstack
ShareView Details
Matching Score-6
Assigner-Patchstack
CVSS Score-9.8||CRITICAL
EPSS-0.14% / 33.83%
||
7 Day CHG~0.00%
Published-23 May, 2025 | 12:44
Updated-23 May, 2025 | 15:54
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Fish House <= 1.2.7 - PHP Object Injection Vulnerability

Deserialization of Untrusted Data vulnerability in AncoraThemes Fish House allows Object Injection. This issue affects Fish House: from n/a through 1.2.7.

Action-Not Available
Vendor-AncoraThemes
Product-Fish House
CWE ID-CWE-502
Deserialization of Untrusted Data
CVE-2025-49072
Matching Score-6
Assigner-Patchstack
ShareView Details
Matching Score-6
Assigner-Patchstack
CVSS Score-9.8||CRITICAL
EPSS-0.13% / 33.25%
||
7 Day CHG+0.03%
Published-06 Jun, 2025 | 12:15
Updated-06 Jun, 2025 | 16:07
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Mr. Murphy < 1.2.12.1 - PHP Object Injection Vulnerability

Deserialization of Untrusted Data vulnerability in AncoraThemes Mr. Murphy allows Object Injection.This issue affects Mr. Murphy: from n/a before 1.2.12.1.

Action-Not Available
Vendor-AncoraThemes
Product-Mr. Murphy
CWE ID-CWE-502
Deserialization of Untrusted Data
CVE-2025-48289
Matching Score-6
Assigner-Patchstack
ShareView Details
Matching Score-6
Assigner-Patchstack
CVSS Score-9.8||CRITICAL
EPSS-0.14% / 33.83%
||
7 Day CHG~0.00%
Published-23 May, 2025 | 12:43
Updated-23 May, 2025 | 15:54
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Kids Planet <= 2.2.14 - PHP Object Injection Vulnerability

Deserialization of Untrusted Data vulnerability in AncoraThemes Kids Planet allows Object Injection. This issue affects Kids Planet: from n/a through 2.2.14.

Action-Not Available
Vendor-AncoraThemes
Product-Kids Planet
CWE ID-CWE-502
Deserialization of Untrusted Data
Details not found