CVE-2025-23944: 
WordPress vulnerability analysis and mitigation

A Deserialization of Untrusted Data vulnerability was discovered in WOOEXIM.COM WOOEXIM that allows Object Injection. The vulnerability affects WOOEXIM versions through 5.0.0 and was disclosed on January 16, 2025. The issue has been assigned CVE-2025-23944 and received a CVSS v3.1 base score of 8.8 (HIGH) (Patchstack).

The vulnerability is classified as CWE-502 (Deserialization of Untrusted Data). It received a CVSS v3.1 vector string of CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H, indicating network accessibility, low attack complexity, low privileges required, no user interaction needed, and high impacts on confidentiality, integrity, and availability (NVD).

This PHP Object Injection vulnerability could potentially allow a malicious actor to execute code injection, SQL injection, path traversal, or denial of service attacks if a proper POP chain is present. The high CVSS score of 8.8 indicates this vulnerability is highly dangerous and expected to become mass exploited (Patchstack).

Currently, no official fix is available for this vulnerability. Patchstack has issued a virtual patch to mitigate the issue by blocking potential attacks until an official fix becomes available (Patchstack).