CVE-2025-60205— WordPress ThemeREX Addons plugin <= 2.36.1.1 - PHP Object Injection vulnerability
Possible ATT&CK Techniques 2AI
T1059 · Command and Scripting Interpreter T1190 · Exploit Public-Facing ApplicationAffected Version Matrix 1
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| ThemeREX | ThemeREX Addons | n/a≤ 2.36.1.1 | affected |
Get alerts for future matching vulnerabilitiesLog in to subscribe
I. Basic Information for CVE-2025-60205
Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗ Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
WordPress ThemeREX Addons plugin <= 2.36.1.1 - PHP Object Injection vulnerability
Source: NVD (National Vulnerability Database)
Vulnerability Description
Unauthenticated PHP Object Injection in ThemeREX Addons <= 2.36.1.1 versions.
Source: NVD (National Vulnerability Database)
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Source: NVD (National Vulnerability Database)
Vulnerability Type
可信数据的反序列化
Source: NVD (National Vulnerability Database)
Affected Products
| Vendor | Product | Affected Versions | CPE | Subscribe |
|---|---|---|---|---|
| ThemeREX | ThemeREX Addons | n/a ~ 2.36.1.1 | - |
II. Public POCs for CVE-2025-60205
| # | POC Description | Source Link | Shenlong Link |
|---|
AI-Generated POCPremium
No public POC found.
Login to generate AI POCIII. Intelligence Information for CVE-2025-60205
请登录查看更多情报信息。
Patches & Fixes for CVE-2025-60205 (1)
Same Patch Batch · ThemeREX · 2026-06-17 · 29 CVEs total
| CVE-2025-69111 | 9.8 CRITICAL | WordPress Reisen theme <= 1.4.1 - PHP Object Injection vulnerability |
| CVE-2025-69127 | 9.8 CRITICAL | WordPress Plumbing theme <= 1.6 - PHP Object Injection vulnerability |
| CVE-2025-69106 | 8.1 HIGH | WordPress Imba theme <= 1.5.0 - Local File Inclusion vulnerability |
| CVE-2025-69126 | 8.1 HIGH | WordPress Fortius theme <= 2.3.0 - Local File Inclusion vulnerability |
| CVE-2025-69158 | 8.1 HIGH | WordPress Granola theme <= 1.13 - Local File Inclusion vulnerability |
| CVE-2025-69175 | 8.1 HIGH | WordPress Line Agency theme <= 1.3.1 - Local File Inclusion vulnerability |
| CVE-2025-69174 | 8.1 HIGH | WordPress Etude theme <= 1.6 - Local File Inclusion vulnerability |
| CVE-2025-69170 | 8.1 HIGH | WordPress Eventicity theme <= 1.5 - Local File Inclusion vulnerability |
| CVE-2025-69164 | 8.1 HIGH | WordPress Skyward theme <= 1.10 - Local File Inclusion vulnerability |
| CVE-2025-69123 | 8.1 HIGH | WordPress Snow Club theme <= 1.1 - Local File Inclusion vulnerability |
| CVE-2025-69144 | 8.1 HIGH | WordPress Preservation theme <= 1.10 - Local File Inclusion vulnerability |
| CVE-2025-69115 | 8.1 HIGH | WordPress LuxMed | Medicine & Healthcare Doctor WordPress Theme theme <= 1.2.2 - Local Fil |
| CVE-2025-69157 | 8.1 HIGH | WordPress Gamic theme <= 1.15 - Local File Inclusion vulnerability |
| CVE-2025-69120 | 8.1 HIGH | WordPress Dazzle theme <= 1.0.0 - Local File Inclusion vulnerability |
| CVE-2026-22331 | 8.1 HIGH | WordPress AutoParts theme <= 1.5.8 - Local File Inclusion vulnerability |
| CVE-2025-69166 | 8.1 HIGH | WordPress Gunslinger theme <= 1.7 - Local File Inclusion vulnerability |
| CVE-2025-69161 | 8.1 HIGH | WordPress Snowy theme <= 1.13 - Local File Inclusion vulnerability |
| CVE-2025-69110 | 8.1 HIGH | WordPress AirSupply theme <= 2.0.0 - Local File Inclusion vulnerability |
| CVE-2025-69171 | 8.1 HIGH | WordPress Orpheus theme <= 1.3 - Local File Inclusion vulnerability |
| CVE-2025-69145 | 8.1 HIGH | WordPress Gat theme <= 1.16 - Local File Inclusion vulnerability |
Showing top 20 of 29 CVEs. View all on vendor page → →
IV. Related Vulnerabilities
Same vendor: ThemeREX
- CVE-2025-69175
WordPress Line Agency theme <= 1.3.1 - Local File Inclusion - CVE-2025-69174
WordPress Etude theme <= 1.6 - Local File Inclusion vulnerab - CVE-2025-69170
WordPress Eventicity theme <= 1.5 - Local File Inclusion vul - CVE-2025-69166
WordPress Gunslinger theme <= 1.7 - Local File Inclusion vul - CVE-2025-69164
WordPress Skyward theme <= 1.10 - Local File Inclusion vulne
Same weakness: CWE-502
- CVE-2026-53805
NVIDIA SIL GEN3C Unauthenticated RCE via Pickle Deserializat - CVE-2026-53874
picklescan - Arbitrary Code Execution via Obfuscated eval Ca - CVE-2025-71321
picklescan - Arbitrary File Writing via distutils Module Byp - CVE-2025-60236
WordPress Creatify theme <= 1.5 - PHP Object Injection vulne - CVE-2025-60231
WordPress The Hospital theme <= 1.8.1 - PHP Object Injection
V. Comments for CVE-2025-60205
No comments yet