CVE-2025-52724: 
WordPress vulnerability analysis and mitigation

A Deserialization of Untrusted Data vulnerability (CVE-2025-52724) was discovered in BoldThemes Amwerk theme affecting versions through 1.2.0. The vulnerability was initially reported on June 8, 2025, and publicly disclosed on July 1, 2025. This security issue has been assigned a critical CVSS score of 9.8, indicating its high severity (Patchstack).

The vulnerability is classified as a PHP Object Injection issue, falling under the CWE-502 (Deserialization of Untrusted Data) category. It received a CVSS v3.1 base score of 9.8 (Critical) with the vector string CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H, indicating network accessibility, low attack complexity, and no required privileges for exploitation (Patchstack).

The vulnerability could allow a malicious actor to execute code injection, SQL injection, path traversal, and denial of service attacks if a proper POP chain is present. Due to its critical nature, this vulnerability is expected to become mass exploited, with attackers potentially targeting websites through automated attacks before users have time to implement patches (Patchstack).

Users are advised to update to Amwerk version 1.3.0 or later to resolve the vulnerability. Additionally, Patchstack has issued a virtual patch to mitigate this issue by blocking potential attacks until users can update to the fixed version (Patchstack).